aws.lambda-permission resource
Description
Permission grants a principal permission to invoke a Lambda function by adding a statement to the function's resource-based policy. Every field is fixed at create time: AWS exposes no call to edit a statement in place, so a change to any field replaces the statement. The statement has no tags and no server-assigned handle beyond its statement id, which is the identity. When statement-id is omitted a unique one is generated so the statement can still be addressed for read and delete.
Source: internal/service/lambda/permission_rsrc.go:59
Example usage:
imports: {
  aws: 'github.com/cloudboss/unobin-library-aws'
}
resources: {
  example: aws.lambda-permission {
    # Set input fields here.
  }
}
Inputs
action
string
function-name
string
principal
string
statement-id
optional(string)
qualifier
optional(string)
event-source-token
optional(string)
function-url-auth-type
optional(string)
invoked-via-function-url
optional(boolean)
principal-org-id
optional(string)
source-account
optional(string)
source-arn
optional(string)
Input Constraints
Function url auth type rules
function-url-auth-type must be AWS_IAM or NONE.
Rule logic
- When
  input.function-url-auth-type != null
- Require
  input.function-url-auth-type == 'AWS_IAM' || input.function-url-auth-type == 'NONE'
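An added example, not code from unobin-library-aws: a Python pre-apply audit that applies the constraint above to a set of inputs, shows which condition keys the scoping inputs become in the resource-based policy statement, and flags statements that are left unscoped. The function names, finding codes and sample values are assumptions made for illustration; boolean inputs such as invoked-via-function-url are not mapped here.

```python
# Added example: pre-apply audit of aws.lambda-permission inputs.
# Finding codes and sample values are constructed for illustration.

# Scoping input -> (operator, condition key) AWS writes into the statement.
CONDITION_KEYS = {
    "source-arn": ("ArnLike", "AWS:SourceArn"),
    "source-account": ("StringEquals", "AWS:SourceAccount"),
    "principal-org-id": ("StringEquals", "aws:PrincipalOrgID"),
    "function-url-auth-type": ("StringEquals", "lambda:FunctionUrlAuthType"),
    "event-source-token": ("StringEquals", "lambda:EventSourceToken"),
}

def conditions(inputs):
    """Condition block the scoping inputs produce in the policy statement."""
    cond = {}
    for field, (op, key) in CONDITION_KEYS.items():
        if inputs.get(field) is not None:
            cond.setdefault(op, {})[key] = inputs[field]
    return cond

def audit(inputs):
    """Return finding codes for one set of aws.lambda-permission inputs."""
    findings = []
    auth = inputs.get("function-url-auth-type")
    # Constraint from this page: when set, the value is AWS_IAM or NONE.
    if auth is not None and auth not in ("AWS_IAM", "NONE"):
        findings.append("invalid-function-url-auth-type")
    principal = inputs["principal"]
    scoped = inputs.get("source-arn") or inputs.get("source-account")
    # A service principal with no source scoping lets any resource of that
    # service, in any account, match the statement.
    if principal.endswith(".amazonaws.com") and not scoped:
        findings.append("service-principal-unscoped")
    # Principal * with no principal-org-id is not limited to an organization.
    if principal == "*" and not inputs.get("principal-org-id"):
        findings.append("public-url" if auth == "NONE" else "wildcard-principal")
    return findings

# Constructed sample inputs.
SCOPED = {"action": "lambda:InvokeFunction", "function-name": "example-fn",
          "principal": "s3.amazonaws.com", "source-account": "111122223333",
          "source-arn": "arn:aws:s3:::example-bucket"}
UNSCOPED = {k: v for k, v in SCOPED.items() if not k.startswith("source-")}
PUBLIC_URL = {"action": "lambda:InvokeFunctionUrl", "function-name": "example-fn",
              "principal": "*", "function-url-auth-type": "NONE"}

if __name__ == "__main__":
    for name, case in [("scoped", SCOPED), ("unscoped", UNSCOPED), ("public-url", PUBLIC_URL)]:
        print(name, audit(case), conditions(case))
```

Because every field is fixed at create time, a finding is resolved by changing the inputs and letting the statement be replaced.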
Outputs
statement-id
string