Interface ICfnPermissionProps
Properties for defining a CfnPermission
.
Namespace: Amazon.CDK.AWS.Lambda
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface ICfnPermissionProps
Syntax (vb)
Public Interface ICfnPermissionProps
Remarks
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.Lambda;
var cfnPermissionProps = new CfnPermissionProps {
Action = "action",
FunctionName = "functionName",
Principal = "principal",
// the properties below are optional
EventSourceToken = "eventSourceToken",
FunctionUrlAuthType = "functionUrlAuthType",
PrincipalOrgId = "principalOrgId",
SourceAccount = "sourceAccount",
SourceArn = "sourceArn"
};
Synopsis
Properties
Action | The action that the principal can use on the function. |
EventSourceToken | For Alexa Smart Home functions, a token that the invoker must supply. |
FunctionName | The name or ARN of the Lambda function, version, or alias. |
FunctionUrlAuthType | The type of authentication that your function URL uses. |
Principal | The AWS service or AWS account that invokes the function. |
PrincipalOrgId | The identifier for your organization in AWS Organizations . |
SourceAccount | For AWS service , the ID of the AWS account that owns the resource. |
SourceArn | For AWS services , the ARN of the AWS resource that invokes the function. |
Properties
Action
The action that the principal can use on the function.
string Action { get; }
Property Value
System.String
Remarks
For example, lambda:InvokeFunction
or lambda:GetFunction
.
EventSourceToken
For Alexa Smart Home functions, a token that the invoker must supply.
virtual string EventSourceToken { get; }
Property Value
System.String
Remarks
FunctionName
The name or ARN of the Lambda function, version, or alias.
string FunctionName { get; }
Property Value
System.String
Remarks
Name formats - Function name – my-function
(name-only), my-function:v1
(with alias).
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
FunctionUrlAuthType
The type of authentication that your function URL uses.
virtual string FunctionUrlAuthType { get; }
Property Value
System.String
Remarks
Set to AWS_IAM
if you want to restrict access to authenticated users only. Set to NONE
if you want to bypass IAM authentication to create a public endpoint. For more information, see Security and auth model for Lambda function URLs .
Principal
The AWS service or AWS account that invokes the function.
string Principal { get; }
Property Value
System.String
Remarks
If you specify a service, use SourceArn
or SourceAccount
to limit who can invoke the function through that service.
PrincipalOrgId
The identifier for your organization in AWS Organizations .
virtual string PrincipalOrgId { get; }
Property Value
System.String
Remarks
Use this to grant permissions to all the AWS accounts under this organization.
SourceAccount
For AWS service , the ID of the AWS account that owns the resource.
virtual string SourceAccount { get; }
Property Value
System.String
Remarks
Use this together with SourceArn
to ensure that the specified account owns the resource. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account.
SourceArn
For AWS services , the ARN of the AWS resource that invokes the function.
virtual string SourceArn { get; }
Property Value
System.String
Remarks
For example, an Amazon S3 bucket or Amazon SNS topic.
Note that Lambda configures the comparison using the StringLike
operator.