import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [network-firewall](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsnetworkfirewall.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class NetworkFirewall extends PolicyStatement { servicePrefix: string; /** * Grants permission to accept pending Network Firewall attachments on a transit gateway * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_AcceptNetworkFirewallTransitGatewayAttachment.html */ toAcceptNetworkFirewallTransitGatewayAttachment(): this; /** * Grants permission to associate availability zones to a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_AssociateAvailabilityZones.html */ toAssociateAvailabilityZones(): this; /** * Grants permission to create an association between a firewall policy and a firewall * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_AssociateFirewallPolicy.html */ toAssociateFirewallPolicy(): this; /** * Grants permission to associate VPC subnets to a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_AssociateSubnets.html */ toAssociateSubnets(): this; /** * Grants permission to attach proxy rule groups to a proxy configuration * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_AttachRuleGroupsToProxyConfiguration.html */ toAttachRuleGroupsToProxyConfiguration(): this; /** * Grants permission to create an AWS Network Firewall firewall * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - iam:CreateServiceLinkedRole * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_CreateFirewall.html */ toCreateFirewall(): this; /** * Grants permission to create an AWS Network Firewall firewall policy * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_CreateFirewallPolicy.html */ toCreateFirewallPolicy(): this; /** * Grants permission to create an AWS Network Firewall proxy * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - ec2:AttachApplianceToNatGateway * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_CreateProxy.html */ toCreateProxy(): this; /** * Grants permission to create an AWS Network Firewall proxy configuration * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_CreateProxyConfiguration.html */ toCreateProxyConfiguration(): this; /** * Grants permission to create an AWS Network Firewall proxy rule group * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_CreateProxyRuleGroup.html */ toCreateProxyRuleGroup(): this; /** * Grants permission to add proxy rules to a proxy rule group * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_CreateProxyRules.html */ toCreateProxyRules(): this; /** * Grants permission to create an AWS Network Firewall rule group * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_CreateRuleGroup.html */ toCreateRuleGroup(): this; /** * Grants permission to create an AWS Network Firewall tls inspection configuration * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - iam:CreateServiceLinkedRole * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_CreateTLSInspectionConfiguration.html */ toCreateTLSInspectionConfiguration(): this; /** * Grants permission to create an AWS Network Firewall vpc endpoint association * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - iam:CreateServiceLinkedRole * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_CreateVpcEndpointAssociation.html */ toCreateVpcEndpointAssociation(): this; /** * Grants permission to delete a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DeleteFirewall.html */ toDeleteFirewall(): this; /** * Grants permission to delete a firewall policy * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DeleteFirewallPolicy.html */ toDeleteFirewallPolicy(): this; /** * Grants permission to delete Network Firewall attachments on a transit gateway * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DeleteNetworkFirewallTransitGatewayAttachment.html */ toDeleteNetworkFirewallTransitGatewayAttachment(): this; /** * Grants permission to delete a proxy * * Access Level: Write * * Dependent actions: * - ec2:DetachApplianceFromNatGateway * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DeleteProxy.html */ toDeleteProxy(): this; /** * Grants permission to delete a proxy configuration * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DeleteProxyConfiguration.html */ toDeleteProxyConfiguration(): this; /** * Grants permission to delete a proxy rule group * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DeleteProxyRuleGroup.html */ toDeleteProxyRuleGroup(): this; /** * Grants permission to remove proxy rules from a proxy rule group * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DeleteProxyRules.html */ toDeleteProxyRules(): this; /** * Grants permission to delete a resource policy for a firewall policy or rule group or firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DeleteResourcePolicy.html */ toDeleteResourcePolicy(): this; /** * Grants permission to delete a rule group * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DeleteRuleGroup.html */ toDeleteRuleGroup(): this; /** * Grants permission to delete a tls inspection configuration * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DeleteTLSInspectionConfiguration.html */ toDeleteTLSInspectionConfiguration(): this; /** * Grants permission to delete a vpc endpoint association * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DeleteVpcEndpointAssociation.html */ toDeleteVpcEndpointAssociation(): this; /** * Grants permission to retrieve the data objects that define a firewall * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeFirewall.html */ toDescribeFirewall(): this; /** * Grants permission to retrieve the high-level information about a firewall * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeFirewallMetadata.html */ toDescribeFirewallMetadata(): this; /** * Grants permission to retrieve the data objects that define a firewall policy * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeFirewallPolicy.html */ toDescribeFirewallPolicy(): this; /** * Grants permission to describe a flow operation performed on a firewall * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeFlowOperation.html */ toDescribeFlowOperation(): this; /** * Grants permission to describe the logging configuration of a firewall * * Access Level: Read * * Dependent actions: * - logs:GetLogDelivery * - logs:ListLogDeliveries * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeLoggingConfiguration.html */ toDescribeLoggingConfiguration(): this; /** * Grants permission to retrieve the data objects that define a proxy * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeProxy.html */ toDescribeProxy(): this; /** * Grants permission to retrieve the data objects that define a proxy configuration * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeProxyConfiguration.html */ toDescribeProxyConfiguration(): this; /** * Grants permission to retrieve the data objects that define a proxy rule * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeProxyRule.html */ toDescribeProxyRule(): this; /** * Grants permission to retrieve the data objects that define a proxy rule group * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeProxyRuleGroup.html */ toDescribeProxyRuleGroup(): this; /** * Grants permission to describe a resource policy for a firewall policy or rule group or firewall * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeResourcePolicy.html */ toDescribeResourcePolicy(): this; /** * Grants permission to retrieve the data objects that define a rule group * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroup.html */ toDescribeRuleGroup(): this; /** * Grants permission to retrieve the high-level information about a rule group * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroupMetadata.html */ toDescribeRuleGroupMetadata(): this; /** * Grants permission to retrieve the summary information about a rule group * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroupSummary.html */ toDescribeRuleGroupSummary(): this; /** * Grants permission to retrieve the data objects that define a tls inspection configuration * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeTLSInspectionConfiguration.html */ toDescribeTLSInspectionConfiguration(): this; /** * Grants permission to retrieve the data objects that define a vpc endpoint association * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeVpcEndpointAssociation.html */ toDescribeVpcEndpointAssociation(): this; /** * Grants permission to detach proxy rule groups from a proxy configuration * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DetachRuleGroupsFromProxyConfiguration.html */ toDetachRuleGroupsFromProxyConfiguration(): this; /** * Grants permission to disassociate availability zones to a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DisassociateAvailabilityZones.html */ toDisassociateAvailabilityZones(): this; /** * Grants permission to disassociate VPC subnets from a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DisassociateSubnets.html */ toDisassociateSubnets(): this; /** * Grants permission to retrieve analysis report results of a firewall * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_GetAnalysisReportResults.html */ toGetAnalysisReportResults(): this; /** * Grants permission to list firewall analysis reports * * Access Level: List * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListAnalysisReports.html */ toListAnalysisReports(): this; /** * Grants permission to retrieve the metadata for firewall policies * * Access Level: List * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListFirewallPolicies.html */ toListFirewallPolicies(): this; /** * Grants permission to retrieve the metadata for firewalls * * Access Level: List * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListFirewalls.html */ toListFirewalls(): this; /** * Grants permission to list results from a flow operation performed on a firewall * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListFlowOperationResults.html */ toListFlowOperationResults(): this; /** * Grants permission to list flow operations performed on a firewall * * Access Level: List * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListFlowOperations.html */ toListFlowOperations(): this; /** * Grants permission to retrieve the metadata for proxies * * Access Level: List * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListProxies.html */ toListProxies(): this; /** * Grants permission to retrieve the metadata for proxy configurations * * Access Level: List * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListProxyConfigurations.html */ toListProxyConfigurations(): this; /** * Grants permission to retrieve the metadata for proxy rule groups * * Access Level: List * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListProxyRuleGroups.html */ toListProxyRuleGroups(): this; /** * Grants permission to retrieve the metadata for rule groups * * Access Level: List * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListRuleGroups.html */ toListRuleGroups(): this; /** * Grants permission to retrieve the metadata for tls inspection configurations * * Access Level: List * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListTLSInspectionConfigurations.html */ toListTLSInspectionConfigurations(): this; /** * Grants permission to retrieve the tags for a resource * * Access Level: List * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to retrieve the metadata for vpc endpoint associations * * Access Level: List * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListVpcEndpointAssociations.html */ toListVpcEndpointAssociations(): this; /** * Grants permission to put a resource policy for a firewall policy or rule group or firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_PutResourcePolicy.html */ toPutResourcePolicy(): this; /** * Grants permission to reject pending Network Firewall attachments on a transit gateway * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_RejectNetworkFirewallTransitGatewayAttachment.html */ toRejectNetworkFirewallTransitGatewayAttachment(): this; /** * Grants permission to start an analysis report on a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_GetAnalysisReportResults.html */ toStartAnalysisReport(): this; /** * Grants permission to start capture operation on a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_StartFlowCapture.html */ toStartFlowCapture(): this; /** * Grants permission to start flush operation on a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_StartFlowFlush.html */ toStartFlowFlush(): this; /** * Grants permission to attach tags to a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_TagResource.html */ toTagResource(): this; /** * Grants permission to remove tags from a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to add or remove availability zone change protection for a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateAvailabilityZoneChangeProtection.html */ toUpdateAvailabilityZoneChangeProtection(): this; /** * Grants permission to modify firewall analysis settings of a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateFirewallAnalysisSettings.html */ toUpdateFirewallAnalysisSettings(): this; /** * Grants permission to add or remove delete protection for a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateFirewallDeleteProtection.html */ toUpdateFirewallDeleteProtection(): this; /** * Grants permission to modify the description for a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateFirewallDescription.html */ toUpdateFirewallDescription(): this; /** * Grants permission to modify the encryption configuration of a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateFirewallEncryptionConfiguration.html */ toUpdateFirewallEncryptionConfiguration(): this; /** * Grants permission to modify a firewall policy * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateFirewallPolicy.html */ toUpdateFirewallPolicy(): this; /** * Grants permission to add or remove firewall policy change protection for a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateFirewallPolicyChangeProtection.html */ toUpdateFirewallPolicyChangeProtection(): this; /** * Grants permission to modify the logging configuration of a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateLoggingConfiguration.html */ toUpdateLoggingConfiguration(): this; /** * Grants permission to modify a proxy * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateProxy.html */ toUpdateProxy(): this; /** * Grants permission to modify a proxy configuration * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateProxyConfiguration.html */ toUpdateProxyConfiguration(): this; /** * Grants permission to update an existing proxy rule on a proxy rule group * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateProxyRule.html */ toUpdateProxyRule(): this; /** * Grants permission to modify rule group priorities on a proxy configuration * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateProxyRuleGroupPriorities.html */ toUpdateProxyRuleGroupPriorities(): this; /** * Grants permission to update proxy rule priorities within a proxy rule group * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateProxyRulePriorities.html */ toUpdateProxyRulePriorities(): this; /** * Grants permission to modify a rule group * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateRuleGroup.html */ toUpdateRuleGroup(): this; /** * Grants permission to add or remove subnet change protection for a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateSubnetChangeProtection.html */ toUpdateSubnetChangeProtection(): this; /** * Grants permission to modify a tls inspection configuration * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateTLSInspectionConfiguration.html */ toUpdateTLSInspectionConfiguration(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type Firewall to the statement * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_Firewall.html * * @param name - Identifier for the name. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onFirewall(name: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type FirewallPolicy to the statement * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_FirewallPolicyResponse.html * * @param name - Identifier for the name. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onFirewallPolicy(name: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type StatefulRuleGroup to the statement * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_RuleGroupResponse.html * * @param name - Identifier for the name. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onStatefulRuleGroup(name: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type StatelessRuleGroup to the statement * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_RuleGroupResponse.html * * @param name - Identifier for the name. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onStatelessRuleGroup(name: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type TLSInspectionConfiguration to the statement * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_TLSInspectionConfigurationResponse.html * * @param name - Identifier for the name. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onTLSInspectionConfiguration(name: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type VpcEndpointAssociation to the statement * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_VpcEndpointAssociation.html * * @param name - Identifier for the name. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onVpcEndpointAssociation(name: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type ProxyRuleGroup to the statement * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ProxyRuleGroup.html * * @param name - Identifier for the name. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onProxyRuleGroup(name: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type ProxyConfiguration to the statement * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ProxyConfiguration.html * * @param name - Identifier for the name. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onProxyConfiguration(name: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type Proxy to the statement * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_Proxy.html * * @param name - Identifier for the name. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onProxy(name: string, account?: string, region?: string, partition?: string): this; /** * Filters access by on the allowed set of values for each of the tags * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toAssociateFirewallPolicy() * - .toCreateFirewall() * - .toCreateFirewallPolicy() * - .toCreateProxy() * - .toCreateProxyConfiguration() * - .toCreateProxyRuleGroup() * - .toCreateRuleGroup() * - .toCreateTLSInspectionConfiguration() * - .toCreateVpcEndpointAssociation() * - .toTagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the tag value associated with the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to resource types: * - Firewall * - FirewallPolicy * - StatefulRuleGroup * - StatelessRuleGroup * - TLSInspectionConfiguration * - VpcEndpointAssociation * - ProxyRuleGroup * - ProxyConfiguration * - Proxy * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the presence of mandatory tags in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toAssociateFirewallPolicy() * - .toCreateFirewall() * - .toCreateFirewallPolicy() * - .toCreateProxy() * - .toCreateProxyConfiguration() * - .toCreateProxyRuleGroup() * - .toCreateRuleGroup() * - .toCreateTLSInspectionConfiguration() * - .toCreateVpcEndpointAssociation() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [network-firewall](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsnetworkfirewall.html). * */ constructor(props?: iam.PolicyStatementProps); }