LayerVersionPermission

class aws_cdk.aws_lambda.LayerVersionPermission(*, account_id, organization_id=None)

Bases: object

Identification of an account (or organization) that is allowed to access a Lambda Layer Version.

Parameters:
  • account_id (str) – The AWS Account id of the account that is authorized to use a Lambda Layer Version. The wild-card '*' can be used to grant access to “any” account (or any account in an organization when organizationId is specified).

  • organization_id (Optional[str]) – The ID of the AWS Organization to which the grant is restricted. Can only be specified if accountId is '*'

ExampleMetadata:

lit=aws-lambda/test/integ.layer-version.lit.ts infused

Example:

layer = lambda_.LayerVersion(stack, "MyLayer",
    code=lambda_.Code.from_asset(path.join(__dirname, "layer-code")),
    compatible_runtimes=[lambda_.Runtime.NODEJS_LATEST],
    license="Apache-2.0",
    description="A layer to test the L2 construct"
)

# To grant usage by other AWS accounts
layer.add_permission("remote-account-grant", account_id=aws_account_id)

# To grant usage to all accounts in some AWS Ogranization
# layer.grantUsage({ accountId: '*', organizationId });

lambda_.Function(stack, "MyLayeredLambda",
    code=lambda_.InlineCode("foo"),
    handler="index.handler",
    runtime=lambda_.Runtime.NODEJS_LATEST,
    layers=[layer]
)

Attributes

account_id

The AWS Account id of the account that is authorized to use a Lambda Layer Version.

The wild-card '*' can be used to grant access to “any” account (or any account in an organization when organizationId is specified).

organization_id

The ID of the AWS Organization to which the grant is restricted.

Can only be specified if accountId is '*'