| Copyright | (c) 2013-2023 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | Safe-Inferred |
| Language | Haskell2010 |
Amazonka.Lambda.AddPermission
Description
Grants an Amazon Web Service, Amazon Web Services account, or Amazon Web Services organization permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function. Note: Lambda does not support adding policies to version $LATEST.
To grant permission to another account, specify the account ID as the
Principal. To grant permission to an organization defined in
Organizations, specify the organization ID as the PrincipalOrgID. For
Amazon Web Services, the principal is a domain-style identifier that the
service defines, such as s3.amazonaws.com or sns.amazonaws.com. For
Amazon Web Services, you can also specify the ARN of the associated
resource as the SourceArn. If you grant permission to a service
principal without specifying the source, other accounts could
potentially configure resources in their account to invoke your Lambda
function.
This operation adds a statement to a resource-based permissions policy for the function. For more information about function policies, see Using resource-based policies for Lambda.
Synopsis
- data AddPermission = AddPermission' {}
- newAddPermission :: Text -> Text -> Text -> Text -> AddPermission
- addPermission_eventSourceToken :: Lens' AddPermission (Maybe Text)
- addPermission_functionUrlAuthType :: Lens' AddPermission (Maybe FunctionUrlAuthType)
- addPermission_principalOrgID :: Lens' AddPermission (Maybe Text)
- addPermission_qualifier :: Lens' AddPermission (Maybe Text)
- addPermission_revisionId :: Lens' AddPermission (Maybe Text)
- addPermission_sourceAccount :: Lens' AddPermission (Maybe Text)
- addPermission_sourceArn :: Lens' AddPermission (Maybe Text)
- addPermission_functionName :: Lens' AddPermission Text
- addPermission_statementId :: Lens' AddPermission Text
- addPermission_action :: Lens' AddPermission Text
- addPermission_principal :: Lens' AddPermission Text
- data AddPermissionResponse = AddPermissionResponse' {
- statement :: Maybe Text
- httpStatus :: Int
- newAddPermissionResponse :: Int -> AddPermissionResponse
- addPermissionResponse_statement :: Lens' AddPermissionResponse (Maybe Text)
- addPermissionResponse_httpStatus :: Lens' AddPermissionResponse Int
Creating a Request
data AddPermission Source #
See: newAddPermission smart constructor.
Constructors
| AddPermission' | |
Fields
| |
Instances
Arguments
| :: Text | |
| -> Text | |
| -> Text | |
| -> Text | |
| -> AddPermission |
Create a value of AddPermission with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:eventSourceToken:AddPermission', addPermission_eventSourceToken - For Alexa Smart Home functions, a token that the invoker must supply.
$sel:functionUrlAuthType:AddPermission', addPermission_functionUrlAuthType - The type of authentication that your function URL uses. Set to AWS_IAM
if you want to restrict access to authenticated IAM users only. Set to
NONE if you want to bypass IAM authentication to create a public
endpoint. For more information, see
Security and auth model for Lambda function URLs.
$sel:principalOrgID:AddPermission', addPermission_principalOrgID - The identifier for your organization in Organizations. Use this to grant
permissions to all the Amazon Web Services accounts under this
organization.
$sel:qualifier:AddPermission', addPermission_qualifier - Specify a version or alias to add permissions to a published version of
the function.
AddPermission, addPermission_revisionId - Update the policy only if the revision ID matches the ID that's
specified. Use this option to avoid modifying a policy that has changed
since you last read it.
$sel:sourceAccount:AddPermission', addPermission_sourceAccount - For Amazon Web Service, the ID of the Amazon Web Services account that
owns the resource. Use this together with SourceArn to ensure that the
specified account owns the resource. It is possible for an Amazon S3
bucket to be deleted by its owner and recreated by another account.
$sel:sourceArn:AddPermission', addPermission_sourceArn - For Amazon Web Services, the ARN of the Amazon Web Services resource
that invokes the function. For example, an Amazon S3 bucket or Amazon
SNS topic.
Note that Lambda configures the comparison using the StringLike
operator.
AddPermission, addPermission_functionName - The name of the Lambda function, version, or alias.
Name formats
- Function name –
my-function(name-only),my-function:v1(with alias). - Function ARN –
arn:aws:lambda:us-west-2:123456789012:function:my-function. - Partial ARN –
123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
$sel:statementId:AddPermission', addPermission_statementId - A statement identifier that differentiates the statement from others in
the same policy.
$sel:action:AddPermission', addPermission_action - The action that the principal can use on the function. For example,
lambda:InvokeFunction or lambda:GetFunction.
$sel:principal:AddPermission', addPermission_principal - The Amazon Web Service or Amazon Web Services account that invokes the
function. If you specify a service, use SourceArn or SourceAccount
to limit who can invoke the function through that service.
Request Lenses
addPermission_eventSourceToken :: Lens' AddPermission (Maybe Text) Source #
For Alexa Smart Home functions, a token that the invoker must supply.
addPermission_functionUrlAuthType :: Lens' AddPermission (Maybe FunctionUrlAuthType) Source #
The type of authentication that your function URL uses. Set to AWS_IAM
if you want to restrict access to authenticated IAM users only. Set to
NONE if you want to bypass IAM authentication to create a public
endpoint. For more information, see
Security and auth model for Lambda function URLs.
addPermission_principalOrgID :: Lens' AddPermission (Maybe Text) Source #
The identifier for your organization in Organizations. Use this to grant permissions to all the Amazon Web Services accounts under this organization.
addPermission_qualifier :: Lens' AddPermission (Maybe Text) Source #
Specify a version or alias to add permissions to a published version of the function.
addPermission_revisionId :: Lens' AddPermission (Maybe Text) Source #
Update the policy only if the revision ID matches the ID that's specified. Use this option to avoid modifying a policy that has changed since you last read it.
addPermission_sourceAccount :: Lens' AddPermission (Maybe Text) Source #
For Amazon Web Service, the ID of the Amazon Web Services account that
owns the resource. Use this together with SourceArn to ensure that the
specified account owns the resource. It is possible for an Amazon S3
bucket to be deleted by its owner and recreated by another account.
addPermission_sourceArn :: Lens' AddPermission (Maybe Text) Source #
For Amazon Web Services, the ARN of the Amazon Web Services resource that invokes the function. For example, an Amazon S3 bucket or Amazon SNS topic.
Note that Lambda configures the comparison using the StringLike
operator.
addPermission_functionName :: Lens' AddPermission Text Source #
The name of the Lambda function, version, or alias.
Name formats
- Function name –
my-function(name-only),my-function:v1(with alias). - Function ARN –
arn:aws:lambda:us-west-2:123456789012:function:my-function. - Partial ARN –
123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
addPermission_statementId :: Lens' AddPermission Text Source #
A statement identifier that differentiates the statement from others in the same policy.
addPermission_action :: Lens' AddPermission Text Source #
The action that the principal can use on the function. For example,
lambda:InvokeFunction or lambda:GetFunction.
addPermission_principal :: Lens' AddPermission Text Source #
The Amazon Web Service or Amazon Web Services account that invokes the
function. If you specify a service, use SourceArn or SourceAccount
to limit who can invoke the function through that service.
Destructuring the Response
data AddPermissionResponse Source #
See: newAddPermissionResponse smart constructor.
Constructors
| AddPermissionResponse' | |
Fields
| |
Instances
newAddPermissionResponse Source #
Create a value of AddPermissionResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:statement:AddPermissionResponse', addPermissionResponse_statement - The permission statement that's added to the function policy.
$sel:httpStatus:AddPermissionResponse', addPermissionResponse_httpStatus - The response's http status code.
Response Lenses
addPermissionResponse_statement :: Lens' AddPermissionResponse (Maybe Text) Source #
The permission statement that's added to the function policy.
addPermissionResponse_httpStatus :: Lens' AddPermissionResponse Int Source #
The response's http status code.