library-gen/Stratosphere/Resources/LambdaPermission.hs

{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE OverloadedStrings #-}

-- | The AWS::Lambda::Permission resource associates a policy statement with a
-- specific AWS Lambda (Lambda) function's access policy. The function policy
-- grants a specific AWS service or application permission to invoke the
-- function. For more information, see AddPermission in the AWS Lambda
-- Developer Guide.

module Stratosphere.Resources.LambdaPermission where

import Control.Lens
import Data.Aeson
import Data.Aeson.Types
import Data.Text
import GHC.Generics

import Stratosphere.Values


-- | Full data type definition for LambdaPermission. See 'lambdaPermission'
-- for a more convenient constructor.
data LambdaPermission =
  LambdaPermission
  { _lambdaPermissionAction :: Val Text
  , _lambdaPermissionFunctionName :: Val Text
  , _lambdaPermissionPrincipal :: Val Text
  , _lambdaPermissionSourceAccount :: Maybe (Val Text)
  , _lambdaPermissionSourceArn :: Maybe (Val Text)
  } deriving (Show, Generic)

instance ToJSON LambdaPermission where
  toJSON = genericToJSON defaultOptions { fieldLabelModifier = Prelude.drop 17, omitNothingFields = True }

instance FromJSON LambdaPermission where
  parseJSON = genericParseJSON defaultOptions { fieldLabelModifier = Prelude.drop 17, omitNothingFields = True }

-- | Constructor for 'LambdaPermission' containing required fields as
-- arguments.
lambdaPermission
  :: Val Text -- ^ 'lpAction'
  -> Val Text -- ^ 'lpFunctionName'
  -> Val Text -- ^ 'lpPrincipal'
  -> LambdaPermission
lambdaPermission actionarg functionNamearg principalarg =
  LambdaPermission
  { _lambdaPermissionAction = actionarg
  , _lambdaPermissionFunctionName = functionNamearg
  , _lambdaPermissionPrincipal = principalarg
  , _lambdaPermissionSourceAccount = Nothing
  , _lambdaPermissionSourceArn = Nothing
  }

-- | The Lambda actions that you want to allow in this statement. For example,
-- you can specify lambda:CreateFunction to specify a certain action, or use a
-- wildcard (lambda:*) to grant permission to all Lambda actions. For a list
-- of actions, see Actions and Condition Context Keys for AWS Lambda in the
-- IAM User Guide.
lpAction :: Lens' LambdaPermission (Val Text)
lpAction = lens _lambdaPermissionAction (\s a -> s { _lambdaPermissionAction = a })

-- | The name (physical ID) or Amazon Resource Name (ARN) of the Lambda
-- function that you want to associate with this statement. Lambda adds this
-- statement to the function's access policy.
lpFunctionName :: Lens' LambdaPermission (Val Text)
lpFunctionName = lens _lambdaPermissionFunctionName (\s a -> s { _lambdaPermissionFunctionName = a })

-- | The entity for which you are granting permission to invoke the Lambda
-- function. This entity can be any valid AWS service principal, such as
-- s3.amazonaws.com or sns.amazonaws.com, or, if you are granting
-- cross-account permission, an AWS account ID. For example, you might want to
-- allow a custom application in another AWS account to push events to Lambda
-- by invoking your function.
lpPrincipal :: Lens' LambdaPermission (Val Text)
lpPrincipal = lens _lambdaPermissionPrincipal (\s a -> s { _lambdaPermissionPrincipal = a })

-- | The AWS account ID (without hyphens) of the source owner. For example, if
-- you specify an S3 bucket in the SourceArn property, this value is the
-- bucket owner's account ID. You can use this property to ensure that all
-- source principals are owned by a specific account. Important This property
-- is not supported by all event sources. For more information, see the
-- SourceAccount parameter for the AddPermission action in the AWS Lambda
-- Developer Guide.
lpSourceAccount :: Lens' LambdaPermission (Maybe (Val Text))
lpSourceAccount = lens _lambdaPermissionSourceAccount (\s a -> s { _lambdaPermissionSourceAccount = a })

-- | The ARN of a resource that is invoking your function. When granting
-- Amazon Simple Storage Service (Amazon S3) permission to invoke your
-- function, specify this property with the bucket ARN as its value. This
-- ensures that events generated only from the specified bucket, not just any
-- bucket from any AWS account that creates a mapping to your function, can
-- invoke the function. Important This property is not supported by all event
-- sources. For more information, see the SourceArn parameter for the
-- AddPermission action in the AWS Lambda Developer Guide.
lpSourceArn :: Lens' LambdaPermission (Maybe (Val Text))
lpSourceArn = lens _lambdaPermissionSourceArn (\s a -> s { _lambdaPermissionSourceArn = a })