Commit 35f8e46
feat(apigateway): add option for consolidating lambda permissions for rest and http lambda integrations (#36021)
### Issue # (if applicable)
Fixes #9327
Fixes #19535
### Reason for this change
The maximum Lambda permission policy size can be exceeded for APIs which reuse the same Lambda function for multiple operations, as the integration adds a new permission for each operation, scoped down to the specific operation.
### Description of changes
This change updates both the REST and HTTP API lambda integrations with options to scope the permission to any operation on the API, adding a single statement and avoiding overflowing the maximum policy size.
Raised this as a new PR to replace #35705 so we have a clearer history in case we ever wanted to consider the more automatic implementation which collapses permissions.
### Describe any new or updated permissions being added
Permission for API Gateway to invoke the lambda is scoped to any resource/method/stage when `scopePermissionToMethod` (for REST) or `scopePermissionToRoute` (for HTTP) is set to `false`.
### Description of how you validated changes
Unit tests, Integ tests
Added an integration test for both REST and HTTP (`integ.lambda-permission-consolidation`).
### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

1 parent 47a9a20 commit 35f8e46
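
The policy-size problem and the scoping trade-off described in the commit message, modelled as an added example (not code from this commit or from aws-cdk). The statement shape, the `*/*/*` wildcard source ARN, the 20 KB limit taken as 20480 bytes, and every account id, API id and path are assumptions constructed for illustration.

```typescript
// Added illustration; not code from aws-cdk. All ids and paths below are constructed.
interface Statement {
  Sid: string; Effect: "Allow"; Principal: { Service: string };
  Action: string; Resource: string;
  Condition: { ArnLike: { "AWS:SourceArn": string } };
}

const POLICY_LIMIT_BYTES = 20 * 1024; // Lambda resource-policy quota (20 KB), assumed to be 20480 bytes
const FN_ARN = "arn:aws:lambda:us-east-1:111122223333:function:shared-handler"; // constructed
const API_ARN = "arn:aws:execute-api:us-east-1:111122223333:a1b2c3d4e5"; // constructed

function statement(sid: string, sourceArn: string): Statement {
  return {
    Sid: sid, Effect: "Allow",
    Principal: { Service: "apigateway.amazonaws.com" },
    Action: "lambda:InvokeFunction", Resource: FN_ARN,
    Condition: { ArnLike: { "AWS:SourceArn": sourceArn } },
  };
}

// One statement per operation: the scoped-down behaviour the commit message describes.
function perOperationPolicy(ops: Array<[string, string]>, stage: string): Statement[] {
  return ops.map(([method, path], i) =>
    statement(`op${i}`, `${API_ARN}/${stage}/${method}${path}`));
}

// One statement covering any stage/method/resource on the API: the consolidated option.
function consolidatedPolicy(): Statement[] {
  return [statement("anyOperation", `${API_ARN}/*/*/*`)];
}

// The policy here is ASCII-only, so string length equals byte length.
function policyBytes(statements: Statement[]): number {
  return JSON.stringify({ Version: "2012-10-17", Statement: statements }).length;
}

// Minimal ArnLike matcher: supports only the '*' wildcard, which is all this model uses.
function arnLike(pattern: string, arn: string): boolean {
  const re = pattern.split("*").map(s => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")).join(".*");
  return new RegExp(`^${re}$`).test(arn);
}

function allows(statements: Statement[], sourceArn: string): boolean {
  return statements.some(s => arnLike(s.Condition.ArnLike["AWS:SourceArn"], sourceArn));
}

// Constructed sample: 120 operations that all reuse the same function.
const OPS: Array<[string, string]> = [];
for (let i = 0; i < 120; i++) OPS.push([i % 2 ? "POST" : "GET", `/v1/resource${i}`]);
```

With the 120 constructed operations, `policyBytes(perOperationPolicy(OPS, "prod"))` exceeds `POLICY_LIMIT_BYTES`, while `consolidatedPolicy()` stays at a few hundred bytes. The consolidated statement admits any stage, method and path on that one API, including ones added later, but still rejects source ARNs from a different API id.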
File tree

26 files changed, +65445 -23 lines changed

- packages
  - @aws-cdk-testing/framework-integ/test
    - aws-apigatewayv2-integrations/test/http
      - integ.lambda-permission-consolidation.js.snapshot
        - asset.c11608a15785084ea1afe65826e575ee316add10c8b1bb373e93297e26aec564.bundle
    - aws-apigateway/test
      - integ.lambda-permission-consolidation.js.snapshot
        - asset.c11608a15785084ea1afe65826e575ee316add10c8b1bb373e93297e26aec564.bundle
  - aws-cdk-lib
    - aws-apigatewayv2-integrations
      - lib/http
      - test/http
    - aws-apigateway
      - lib/integrations
      - test/integrations