chore(appmesh): delegate grantStreamAggregatedResources to VirtualNodeGrants (#36141)

`VitualNode.grantStreamAggregatedResources()` isn't delegating its logic to `VirtualNodeGrants`. Fix that.

Also update the README.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: otaviomacedo

packages/aws-cdk-lib/aws-appmesh/README.md

@@ -913,18 +913,18 @@ appmesh.Mesh.fromMeshName(this, 'imported-mesh', 'abc');
 
 ## IAM Grants
 
-`VirtualNode` and `VirtualGateway` provide `grantStreamAggregatedResources` methods that grant identities that are running
-Envoy access to stream generated config from App Mesh.
+`VirtualNode` and `VirtualGateway` have a `grants` property that provides a `streamAggregatedResources` 
+methods that grant identities that are running Envoy access to stream generated config from App Mesh.
 
 ```ts
 declare const mesh: appmesh.Mesh;
 const gateway = new appmesh.VirtualGateway(this, 'testGateway', { mesh });
 const envoyUser = new iam.User(this, 'envoyUser');
 
 /**
- * This will grant `grantStreamAggregatedResources` ONLY for this gateway.
+ * This will grant `appmesh:StreamAggregatedResources` ONLY for this gateway.
  */
-gateway.grantStreamAggregatedResources(envoyUser)
+gateway.grants.streamAggregatedResources(envoyUser)
 ```
 
 ## Adding Resources to shared meshes

packages/aws-cdk-lib/aws-appmesh/lib/virtual-node.ts

@@ -1,5 +1,6 @@
 import { Construct } from 'constructs';
-import { CfnVirtualNode } from './appmesh.generated';
+import { VirtualNodeGrants } from './appmesh-grants.generated';
+import { CfnVirtualNode, IVirtualNodeRef, VirtualNodeReference } from './appmesh.generated';
 import { IMesh, Mesh } from './mesh';
 import { renderMeshOwner, renderTlsClientPolicy } from './private/utils';
 import { ServiceDiscovery, ServiceDiscoveryConfig } from './service-discovery';
@@ -13,7 +14,7 @@ import { propertyInjectable } from '../../core/lib/prop-injectable';
 /**
  * Interface which all VirtualNode based classes must implement
  */
-export interface IVirtualNode extends cdk.IResource {
+export interface IVirtualNode extends cdk.IResource, IVirtualNodeRef {
   /**
    * The name of the VirtualNode
    *
@@ -116,12 +117,20 @@ abstract class VirtualNodeBase extends cdk.Resource implements IVirtualNode {
    */
   public abstract readonly mesh: IMesh;
 
+  /**
+   * Collection of grants for this Virtual Node
+   */
+  public readonly grants = VirtualNodeGrants.fromVirtualNode(this);
+
+  public get virtualNodeRef(): VirtualNodeReference {
+    return {
+      virtualNodeArn: this.virtualNodeArn,
+      virtualNodeId: this.virtualNodeName,
+    };
+  }
+
   public grantStreamAggregatedResources(identity: iam.IGrantable): iam.Grant {
-    return iam.Grant.addToPrincipal({
-      grantee: identity,
-      actions: ['appmesh:StreamAggregatedResources'],
-      resourceArns: [this.virtualNodeArn],
-    });
+    return this.grants.streamAggregatedResources(identity);
   }
 }