software.amazon.awscdk.services.lambda

Class CfnPermission

java.lang.Object

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.CfnElement

software.amazon.awscdk.core.CfnRefElement

software.amazon.awscdk.core.CfnResource

software.amazon.awscdk.services.lambda.CfnPermission

All Implemented Interfaces:

IConstruct, IDependable, IInspectable

@Generated(value="jsii-pacmak/1.74.0 (build 6d08790)",
           date="2023-03-22T19:35:44.100Z")
public class CfnPermission
extends CfnResource
implements IInspectable

A CloudFormation `AWS::Lambda::Permission`.

The AWS::Lambda::Permission resource grants an AWS service or another account permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function.

To grant permission to another account, specify the account ID as the Principal . To grant permission to an organization defined in AWS Organizations , specify the organization ID as the PrincipalOrgID . For AWS services, the principal is a domain-style identifier defined by the service, like s3.amazonaws.com or sns.amazonaws.com . For AWS services, you can also specify the ARN of the associated resource as the SourceArn . If you grant permission to a service principal without specifying the source, other accounts could potentially configure resources in their account to invoke your Lambda function.

If your function has a function URL, you can specify the FunctionUrlAuthType parameter. This adds a condition to your permission that only applies when your function URL's AuthType matches the specified FunctionUrlAuthType . For more information about the AuthType parameter, see Security and auth model for Lambda function URLs .

This resource adds a statement to a resource-based permission policy for the function. For more information about function policies, see Lambda Function Policies .

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.lambda.*;
 CfnPermission cfnPermission = CfnPermission.Builder.create(this, "MyCfnPermission")
         .action("action")
         .functionName("functionName")
         .principal("principal")
         // the properties below are optional
         .eventSourceToken("eventSourceToken")
         .functionUrlAuthType("functionUrlAuthType")
         .principalOrgId("principalOrgId")
         .sourceAccount("sourceAccount")
         .sourceArn("sourceArn")
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CfnPermission.Builder A fluent builder for CfnPermission.

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct

IConstruct.Jsii$Default

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CFN_RESOURCE_TYPE_NAME The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor and Description
	CfnPermission(Construct scope, java.lang.String id, CfnPermissionProps props) Create a new `AWS::Lambda::Permission`.
protected	CfnPermission(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnPermission(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
java.lang.String	getAction() The action that the principal can use on the function.
protected java.util.Map<java.lang.String,java.lang.Object>	getCfnProperties()
java.lang.String	getEventSourceToken() For Alexa Smart Home functions, a token that the invoker must supply.
java.lang.String	getFunctionName() The name of the Lambda function, version, or alias.
java.lang.String	getFunctionUrlAuthType() The type of authentication that your function URL uses.
java.lang.String	getPrincipal() The AWS service or AWS account that invokes the function.
java.lang.String	getPrincipalOrgId() The identifier for your organization in AWS Organizations .
java.lang.String	getSourceAccount() For AWS service , the ID of the AWS account that owns the resource.
java.lang.String	getSourceArn() For AWS services , the ARN of the AWS resource that invokes the function.
void	inspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.
protected java.util.Map<java.lang.String,java.lang.Object>	renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)
void	setAction(java.lang.String value) The action that the principal can use on the function.
void	setEventSourceToken(java.lang.String value) For Alexa Smart Home functions, a token that the invoker must supply.
void	setFunctionName(java.lang.String value) The name of the Lambda function, version, or alias.
void	setFunctionUrlAuthType(java.lang.String value) The type of authentication that your function URL uses.
void	setPrincipal(java.lang.String value) The AWS service or AWS account that invokes the function.
void	setPrincipalOrgId(java.lang.String value) The identifier for your organization in AWS Organizations .
void	setSourceAccount(java.lang.String value) For AWS service , the ID of the AWS account that owns the resource.
void	setSourceArn(java.lang.String value) For AWS services , the ARN of the AWS resource that invokes the function.

Methods inherited from class software.amazon.awscdk.core.CfnResource

addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.core.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.core.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

CFN_RESOURCE_TYPE_NAME

public static final java.lang.String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Detail

CfnPermission

protected CfnPermission(software.amazon.jsii.JsiiObjectRef objRef)

CfnPermission

protected CfnPermission(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnPermission

public CfnPermission(Construct scope,
                     java.lang.String id,
                     CfnPermissionProps props)

Create a new `AWS::Lambda::Permission`.

Parameters:

scope - - scope in which this resource is defined. This parameter is required.

id - - scoped id of the resource. This parameter is required.

props - - resource properties. This parameter is required.

Method Detail

inspect

public void inspect(TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - - tree inspector to collect and process attributes. This parameter is required.

renderProperties

protected java.util.Map<java.lang.String,java.lang.Object> renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getCfnProperties

protected java.util.Map<java.lang.String,java.lang.Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getAction

public java.lang.String getAction()

The action that the principal can use on the function.

For example, lambda:InvokeFunction or lambda:GetFunction .

setAction

public void setAction(java.lang.String value)

The action that the principal can use on the function.

For example, lambda:InvokeFunction or lambda:GetFunction .

getFunctionName

public java.lang.String getFunctionName()

The name of the Lambda function, version, or alias.

Name formats - Function name – my-function (name-only), my-function:v1 (with alias).

• Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function .
• Partial ARN – 123456789012:function:my-function .

You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.

setFunctionName

public void setFunctionName(java.lang.String value)

The name of the Lambda function, version, or alias.

Name formats - Function name – my-function (name-only), my-function:v1 (with alias).

• Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function .
• Partial ARN – 123456789012:function:my-function .

You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.

getPrincipal

public java.lang.String getPrincipal()

The AWS service or AWS account that invokes the function.

If you specify a service, use SourceArn or SourceAccount to limit who can invoke the function through that service.

setPrincipal

public void setPrincipal(java.lang.String value)

The AWS service or AWS account that invokes the function.

If you specify a service, use SourceArn or SourceAccount to limit who can invoke the function through that service.

getEventSourceToken

public java.lang.String getEventSourceToken()

For Alexa Smart Home functions, a token that the invoker must supply.

setEventSourceToken

public void setEventSourceToken(java.lang.String value)

For Alexa Smart Home functions, a token that the invoker must supply.

getFunctionUrlAuthType

public java.lang.String getFunctionUrlAuthType()

The type of authentication that your function URL uses.

Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see Security and auth model for Lambda function URLs .

setFunctionUrlAuthType

public void setFunctionUrlAuthType(java.lang.String value)

The type of authentication that your function URL uses.

Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see Security and auth model for Lambda function URLs .

getPrincipalOrgId

public java.lang.String getPrincipalOrgId()

The identifier for your organization in AWS Organizations .

Use this to grant permissions to all the AWS accounts under this organization.

setPrincipalOrgId

public void setPrincipalOrgId(java.lang.String value)

The identifier for your organization in AWS Organizations .

Use this to grant permissions to all the AWS accounts under this organization.

getSourceAccount

public java.lang.String getSourceAccount()

For AWS service , the ID of the AWS account that owns the resource.

Use this together with SourceArn to ensure that the specified account owns the resource. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account.

setSourceAccount

public void setSourceAccount(java.lang.String value)

For AWS service , the ID of the AWS account that owns the resource.

Use this together with SourceArn to ensure that the specified account owns the resource. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account.

getSourceArn

public java.lang.String getSourceArn()

For AWS services , the ARN of the AWS resource that invokes the function.

For example, an Amazon S3 bucket or Amazon SNS topic.

Note that Lambda configures the comparison using the StringLike operator.

setSourceArn

public void setSourceArn(java.lang.String value)

For AWS services , the ARN of the AWS resource that invokes the function.

For example, an Amazon S3 bucket or Amazon SNS topic.

Note that Lambda configures the comparison using the StringLike operator.