CfnPermissionProps¶

class aws_cdk.aws_lambda.CfnPermissionProps(*, action, function_name, principal, event_source_token=None, function_url_auth_type=None, principal_org_id=None, source_account=None, source_arn=None)¶

Bases: object

Properties for defining a CfnPermission.

Parameters

action (str) – The action that the principal can use on the function. For example, lambda:InvokeFunction or lambda:GetFunction .
function_name (str) – The name of the Lambda function, version, or alias. Name formats - Function name - my-function (name-only), my-function:v1 (with alias). - Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function . - Partial ARN - 123456789012:function:my-function . You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
principal (str) – The AWS service or account that invokes the function. If you specify a service, use SourceArn or SourceAccount to limit who can invoke the function through that service.
event_source_token (Optional[str]) – For Alexa Smart Home functions, a token that must be supplied by the invoker.
function_url_auth_type (Optional[str]) – The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated IAM users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see Security and auth model for Lambda function URLs .
principal_org_id (Optional[str]) – The identifier for your organization in AWS Organizations . Use this to grant permissions to all the AWS accounts under this organization.
source_account (Optional[str]) – For Amazon S3, the ID of the account that owns the resource. Use this together with SourceArn to ensure that the resource is owned by the specified account. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account.
source_arn (Optional[str]) – For AWS services, the ARN of the AWS resource that invokes the function. For example, an Amazon S3 bucket or Amazon SNS topic. Note that Lambda configures the comparison using the StringLike operator.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html

ExampleMetadata

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_lambda as lambda_

cfn_permission_props = lambda.CfnPermissionProps(
    action="action",
    function_name="functionName",
    principal="principal",

    # the properties below are optional
    event_source_token="eventSourceToken",
    function_url_auth_type="functionUrlAuthType",
    principal_org_id="principalOrgId",
    source_account="sourceAccount",
    source_arn="sourceArn"
)

Attributes

action¶

The action that the principal can use on the function.

For example, lambda:InvokeFunction or lambda:GetFunction .

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-action
Return type: str

event_source_token¶

For Alexa Smart Home functions, a token that must be supplied by the invoker.

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-eventsourcetoken
Return type: Optional[str]

function_name¶

The name of the Lambda function, version, or alias.

Name formats - Function name - my-function (name-only), my-function:v1 (with alias).

Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function .
Partial ARN - 123456789012:function:my-function .

You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-functionname
Return type: str

function_url_auth_type¶

The type of authentication that your function URL uses.

Set to AWS_IAM if you want to restrict access to authenticated IAM users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see Security and auth model for Lambda function URLs .

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-functionurlauthtype
Return type: Optional[str]

principal¶

The AWS service or account that invokes the function.

If you specify a service, use SourceArn or SourceAccount to limit who can invoke the function through that service.

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-principal
Return type: str

principal_org_id¶

The identifier for your organization in AWS Organizations .

Use this to grant permissions to all the AWS accounts under this organization.

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-principalorgid
Return type: Optional[str]

source_account¶

For Amazon S3, the ID of the account that owns the resource.

Use this together with SourceArn to ensure that the resource is owned by the specified account. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account.

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-sourceaccount
Return type: Optional[str]

source_arn¶

For AWS services, the ARN of the AWS resource that invokes the function.

For example, an Amazon S3 bucket or Amazon SNS topic.

Note that Lambda configures the comparison using the StringLike operator.

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-sourcearn
Return type: Optional[str]