com.amazonaws.services.lambda.model

Class AddPermissionRequest

java.lang.Object

com.amazonaws.AmazonWebServiceRequest

com.amazonaws.services.lambda.model.AddPermissionRequest

All Implemented Interfaces:

ReadLimitInfo, Serializable, Cloneable

public class AddPermissionRequest
extends AmazonWebServiceRequest
implements Serializable, Cloneable

Container for the parameters to the AddPermission operation.

Adds a permission to the resource policy associated with the specified AWS Lambda function. You use resource policies to grant permissions to event sources that use "push" model. In "push" model, event sources (such as Amazon S3 and custom applications) invoke your Lambda function. Each permission you add to the resource policy allows an event source, permission to invoke the Lambda function.

For information about the push model, see AWS Lambda: How it Works .

If you are using versioning feature (see AWS Lambda Function Versioning and Aliases ), a Lambda function can have multiple ARNs that can be used to invoke the function. Note that, each permission you add to resource policy using this API is specific to an ARN, specified using the Qualifier parameter

This operation requires permission for the lambda:AddPermission action.

See Also:

AWSLambda.addPermission(AddPermissionRequest), Serialized Form

Field Summary

Fields inherited from class com.amazonaws.AmazonWebServiceRequest

NOOP

Constructor Summary

Constructors

Constructor and Description
AddPermissionRequest()

Method Summary

Methods

Modifier and Type	Method and Description
AddPermissionRequest	clone()
boolean	equals(Object obj)
String	getAction() The AWS Lambda action you want to allow in this statement.
String	getFunctionName() Name of the Lambda function whose resource policy you are updating by adding a new permission.
String	getPrincipal() The principal who is getting this permission.
String	getQualifier() You can specify this optional query parameter to specify function version or alias name.
String	getSourceAccount() The AWS account ID (without a hyphen) of the source owner.
String	getSourceArn() This is optional; however, when granting Amazon S3 permission to invoke your function, you should specify this field with the bucket Amazon Resource Name (ARN) as its value.
String	getStatementId() A unique statement identifier.
int	hashCode()
void	setAction(String action) The AWS Lambda action you want to allow in this statement.
void	setFunctionName(String functionName) Name of the Lambda function whose resource policy you are updating by adding a new permission.
void	setPrincipal(String principal) The principal who is getting this permission.
void	setQualifier(String qualifier) You can specify this optional query parameter to specify function version or alias name.
void	setSourceAccount(String sourceAccount) The AWS account ID (without a hyphen) of the source owner.
void	setSourceArn(String sourceArn) This is optional; however, when granting Amazon S3 permission to invoke your function, you should specify this field with the bucket Amazon Resource Name (ARN) as its value.
void	setStatementId(String statementId) A unique statement identifier.
String	toString() Returns a string representation of this object; useful for testing and debugging.
AddPermissionRequest	withAction(String action) The AWS Lambda action you want to allow in this statement.
AddPermissionRequest	withFunctionName(String functionName) Name of the Lambda function whose resource policy you are updating by adding a new permission.
AddPermissionRequest	withPrincipal(String principal) The principal who is getting this permission.
AddPermissionRequest	withQualifier(String qualifier) You can specify this optional query parameter to specify function version or alias name.
AddPermissionRequest	withSourceAccount(String sourceAccount) The AWS account ID (without a hyphen) of the source owner.
AddPermissionRequest	withSourceArn(String sourceArn) This is optional; however, when granting Amazon S3 permission to invoke your function, you should specify this field with the bucket Amazon Resource Name (ARN) as its value.
AddPermissionRequest	withStatementId(String statementId) A unique statement identifier.

Methods inherited from class com.amazonaws.AmazonWebServiceRequest

copyBaseTo, getCloneRoot, getCloneSource, getCustomQueryParameters, getCustomRequestHeaders, getGeneralProgressListener, getReadLimit, getRequestClientOptions, getRequestCredentials, getRequestMetricCollector, getSdkClientExecutionTimeout, getSdkRequestTimeout, putCustomQueryParameter, putCustomRequestHeader, setGeneralProgressListener, setRequestCredentials, setRequestMetricCollector, setSdkClientExecutionTimeout, setSdkRequestTimeout, withGeneralProgressListener, withRequestMetricCollector, withSdkClientExecutionTimeout, withSdkRequestTimeout

Methods inherited from class java.lang.Object

finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

AddPermissionRequest

public AddPermissionRequest()

Method Detail

getFunctionName

public String getFunctionName()

Name of the Lambda function whose resource policy you are updating by adding a new permission.

You can specify an unqualified function name (for example, "Thumbnail") or you can specify Amazon Resource Name (ARN) of the function (for example, "arn:aws:lambda:us-west-2:account-id:function:ThumbNail"). AWS Lambda also allows you to specify only the account ID qualifier (for example, "account-id:Thumbnail"). Note that the length constraint applies only to the ARN. If you specify only the function name, it is limited to 64 character in length.

Constraints:
Length: 1 - 140
Pattern: (arn:aws:lambda:)?([a-z]{2}-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?

Returns:

Name of the Lambda function whose resource policy you are updating by adding a new permission.

You can specify an unqualified function name (for example, "Thumbnail") or you can specify Amazon Resource Name (ARN) of the function (for example, "arn:aws:lambda:us-west-2:account-id:function:ThumbNail"). AWS Lambda also allows you to specify only the account ID qualifier (for example, "account-id:Thumbnail"). Note that the length constraint applies only to the ARN. If you specify only the function name, it is limited to 64 character in length.

setFunctionName

public void setFunctionName(String functionName)

Name of the Lambda function whose resource policy you are updating by adding a new permission.

You can specify an unqualified function name (for example, "Thumbnail") or you can specify Amazon Resource Name (ARN) of the function (for example, "arn:aws:lambda:us-west-2:account-id:function:ThumbNail"). AWS Lambda also allows you to specify only the account ID qualifier (for example, "account-id:Thumbnail"). Note that the length constraint applies only to the ARN. If you specify only the function name, it is limited to 64 character in length.

Constraints:
Length: 1 - 140
Pattern: (arn:aws:lambda:)?([a-z]{2}-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?

Parameters:

functionName - Name of the Lambda function whose resource policy you are updating by adding a new permission.

You can specify an unqualified function name (for example, "Thumbnail") or you can specify Amazon Resource Name (ARN) of the function (for example, "arn:aws:lambda:us-west-2:account-id:function:ThumbNail"). AWS Lambda also allows you to specify only the account ID qualifier (for example, "account-id:Thumbnail"). Note that the length constraint applies only to the ARN. If you specify only the function name, it is limited to 64 character in length.

withFunctionName

public AddPermissionRequest withFunctionName(String functionName)

Name of the Lambda function whose resource policy you are updating by adding a new permission.

You can specify an unqualified function name (for example, "Thumbnail") or you can specify Amazon Resource Name (ARN) of the function (for example, "arn:aws:lambda:us-west-2:account-id:function:ThumbNail"). AWS Lambda also allows you to specify only the account ID qualifier (for example, "account-id:Thumbnail"). Note that the length constraint applies only to the ARN. If you specify only the function name, it is limited to 64 character in length.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 1 - 140
Pattern: (arn:aws:lambda:)?([a-z]{2}-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?

Parameters:

functionName - Name of the Lambda function whose resource policy you are updating by adding a new permission.

You can specify an unqualified function name (for example, "Thumbnail") or you can specify Amazon Resource Name (ARN) of the function (for example, "arn:aws:lambda:us-west-2:account-id:function:ThumbNail"). AWS Lambda also allows you to specify only the account ID qualifier (for example, "account-id:Thumbnail"). Note that the length constraint applies only to the ARN. If you specify only the function name, it is limited to 64 character in length.

Returns:

A reference to this updated object so that method calls can be chained together.

getStatementId

public String getStatementId()

A unique statement identifier.

Constraints:
Length: 1 - 100
Pattern: ([a-zA-Z0-9-_]+)

Returns:

A unique statement identifier.

setStatementId

public void setStatementId(String statementId)

A unique statement identifier.

Constraints:
Length: 1 - 100
Pattern: ([a-zA-Z0-9-_]+)

Parameters:

statementId - A unique statement identifier.

withStatementId

public AddPermissionRequest withStatementId(String statementId)

A unique statement identifier.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 1 - 100
Pattern: ([a-zA-Z0-9-_]+)

Parameters:

statementId - A unique statement identifier.

Returns:

A reference to this updated object so that method calls can be chained together.

getAction

public String getAction()

The AWS Lambda action you want to allow in this statement. Each Lambda action is a string starting with "lambda:" followed by the API name (see Operations). For example, "lambda:CreateFunction". You can use wildcard ("lambda:*") to grant permission for all AWS Lambda actions.

Constraints:
Pattern: (lambda:[*]|lambda:[a-zA-Z]+|[*])

Returns:

The AWS Lambda action you want to allow in this statement. Each Lambda action is a string starting with "lambda:" followed by the API name (see Operations). For example, "lambda:CreateFunction". You can use wildcard ("lambda:*") to grant permission for all AWS Lambda actions.

setAction

public void setAction(String action)

The AWS Lambda action you want to allow in this statement. Each Lambda action is a string starting with "lambda:" followed by the API name (see Operations). For example, "lambda:CreateFunction". You can use wildcard ("lambda:*") to grant permission for all AWS Lambda actions.

Constraints:
Pattern: (lambda:[*]|lambda:[a-zA-Z]+|[*])

Parameters:

action - The AWS Lambda action you want to allow in this statement. Each Lambda action is a string starting with "lambda:" followed by the API name (see Operations). For example, "lambda:CreateFunction". You can use wildcard ("lambda:*") to grant permission for all AWS Lambda actions.

withAction

public AddPermissionRequest withAction(String action)

The AWS Lambda action you want to allow in this statement. Each Lambda action is a string starting with "lambda:" followed by the API name (see Operations). For example, "lambda:CreateFunction". You can use wildcard ("lambda:*") to grant permission for all AWS Lambda actions.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Pattern: (lambda:[*]|lambda:[a-zA-Z]+|[*])

Parameters:

action - The AWS Lambda action you want to allow in this statement. Each Lambda action is a string starting with "lambda:" followed by the API name (see Operations). For example, "lambda:CreateFunction". You can use wildcard ("lambda:*") to grant permission for all AWS Lambda actions.

Returns:

A reference to this updated object so that method calls can be chained together.

getPrincipal

public String getPrincipal()

The principal who is getting this permission. It can be Amazon S3 service Principal ("s3.amazonaws.com") if you want Amazon S3 to invoke the function, an AWS account ID if you are granting cross-account permission, or any valid AWS service principal such as "sns.amazonaws.com". For example, you might want to allow a custom application in another AWS account to push events to AWS Lambda by invoking your function.

Constraints:
Pattern: .*

Returns:

The principal who is getting this permission. It can be Amazon S3 service Principal ("s3.amazonaws.com") if you want Amazon S3 to invoke the function, an AWS account ID if you are granting cross-account permission, or any valid AWS service principal such as "sns.amazonaws.com". For example, you might want to allow a custom application in another AWS account to push events to AWS Lambda by invoking your function.

setPrincipal

public void setPrincipal(String principal)

The principal who is getting this permission. It can be Amazon S3 service Principal ("s3.amazonaws.com") if you want Amazon S3 to invoke the function, an AWS account ID if you are granting cross-account permission, or any valid AWS service principal such as "sns.amazonaws.com". For example, you might want to allow a custom application in another AWS account to push events to AWS Lambda by invoking your function.

Constraints:
Pattern: .*

Parameters:

principal - The principal who is getting this permission. It can be Amazon S3 service Principal ("s3.amazonaws.com") if you want Amazon S3 to invoke the function, an AWS account ID if you are granting cross-account permission, or any valid AWS service principal such as "sns.amazonaws.com". For example, you might want to allow a custom application in another AWS account to push events to AWS Lambda by invoking your function.

withPrincipal

public AddPermissionRequest withPrincipal(String principal)

The principal who is getting this permission. It can be Amazon S3 service Principal ("s3.amazonaws.com") if you want Amazon S3 to invoke the function, an AWS account ID if you are granting cross-account permission, or any valid AWS service principal such as "sns.amazonaws.com". For example, you might want to allow a custom application in another AWS account to push events to AWS Lambda by invoking your function.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Pattern: .*

Parameters:

principal - The principal who is getting this permission. It can be Amazon S3 service Principal ("s3.amazonaws.com") if you want Amazon S3 to invoke the function, an AWS account ID if you are granting cross-account permission, or any valid AWS service principal such as "sns.amazonaws.com". For example, you might want to allow a custom application in another AWS account to push events to AWS Lambda by invoking your function.

Returns:

A reference to this updated object so that method calls can be chained together.

getSourceArn

public String getSourceArn()

This is optional; however, when granting Amazon S3 permission to invoke your function, you should specify this field with the bucket Amazon Resource Name (ARN) as its value. This ensures that only events generated from the specified bucket can invoke the function. If you add a permission for the Amazon S3 principal without providing the source ARN, any AWS account that creates a mapping to your function ARN can send events to invoke your Lambda function from Amazon S3.

Constraints:
Pattern: arn:aws:([a-zA-Z0-9\-])+:([a-z]{2}-[a-z]+-\d{1})?:(\d{12})?:(.*)

Returns:

This is optional; however, when granting Amazon S3 permission to invoke your function, you should specify this field with the bucket Amazon Resource Name (ARN) as its value. This ensures that only events generated from the specified bucket can invoke the function. If you add a permission for the Amazon S3 principal without providing the source ARN, any AWS account that creates a mapping to your function ARN can send events to invoke your Lambda function from Amazon S3.

setSourceArn

public void setSourceArn(String sourceArn)

This is optional; however, when granting Amazon S3 permission to invoke your function, you should specify this field with the bucket Amazon Resource Name (ARN) as its value. This ensures that only events generated from the specified bucket can invoke the function. If you add a permission for the Amazon S3 principal without providing the source ARN, any AWS account that creates a mapping to your function ARN can send events to invoke your Lambda function from Amazon S3.

Constraints:
Pattern: arn:aws:([a-zA-Z0-9\-])+:([a-z]{2}-[a-z]+-\d{1})?:(\d{12})?:(.*)

Parameters:

sourceArn - This is optional; however, when granting Amazon S3 permission to invoke your function, you should specify this field with the bucket Amazon Resource Name (ARN) as its value. This ensures that only events generated from the specified bucket can invoke the function. If you add a permission for the Amazon S3 principal without providing the source ARN, any AWS account that creates a mapping to your function ARN can send events to invoke your Lambda function from Amazon S3.

withSourceArn

public AddPermissionRequest withSourceArn(String sourceArn)

This is optional; however, when granting Amazon S3 permission to invoke your function, you should specify this field with the bucket Amazon Resource Name (ARN) as its value. This ensures that only events generated from the specified bucket can invoke the function. If you add a permission for the Amazon S3 principal without providing the source ARN, any AWS account that creates a mapping to your function ARN can send events to invoke your Lambda function from Amazon S3.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Pattern: arn:aws:([a-zA-Z0-9\-])+:([a-z]{2}-[a-z]+-\d{1})?:(\d{12})?:(.*)

Parameters:

sourceArn - This is optional; however, when granting Amazon S3 permission to invoke your function, you should specify this field with the bucket Amazon Resource Name (ARN) as its value. This ensures that only events generated from the specified bucket can invoke the function. If you add a permission for the Amazon S3 principal without providing the source ARN, any AWS account that creates a mapping to your function ARN can send events to invoke your Lambda function from Amazon S3.

Returns:

A reference to this updated object so that method calls can be chained together.

getSourceAccount

public String getSourceAccount()

The AWS account ID (without a hyphen) of the source owner. For example, if the SourceArn identifies a bucket, then this is the bucket owner's account ID. You can use this additional condition to ensure the bucket you specify is owned by a specific account (it is possible the bucket owner deleted the bucket and some other AWS account created the bucket). You can also use this condition to specify all sources (that is, you don't specify the SourceArn) owned by a specific account.

Constraints:
Pattern: \d{12}

Returns:

The AWS account ID (without a hyphen) of the source owner. For example, if the SourceArn identifies a bucket, then this is the bucket owner's account ID. You can use this additional condition to ensure the bucket you specify is owned by a specific account (it is possible the bucket owner deleted the bucket and some other AWS account created the bucket). You can also use this condition to specify all sources (that is, you don't specify the SourceArn) owned by a specific account.

setSourceAccount

public void setSourceAccount(String sourceAccount)

The AWS account ID (without a hyphen) of the source owner. For example, if the SourceArn identifies a bucket, then this is the bucket owner's account ID. You can use this additional condition to ensure the bucket you specify is owned by a specific account (it is possible the bucket owner deleted the bucket and some other AWS account created the bucket). You can also use this condition to specify all sources (that is, you don't specify the SourceArn) owned by a specific account.

Constraints:
Pattern: \d{12}

Parameters:

sourceAccount - The AWS account ID (without a hyphen) of the source owner. For example, if the SourceArn identifies a bucket, then this is the bucket owner's account ID. You can use this additional condition to ensure the bucket you specify is owned by a specific account (it is possible the bucket owner deleted the bucket and some other AWS account created the bucket). You can also use this condition to specify all sources (that is, you don't specify the SourceArn) owned by a specific account.

withSourceAccount

public AddPermissionRequest withSourceAccount(String sourceAccount)

The AWS account ID (without a hyphen) of the source owner. For example, if the SourceArn identifies a bucket, then this is the bucket owner's account ID. You can use this additional condition to ensure the bucket you specify is owned by a specific account (it is possible the bucket owner deleted the bucket and some other AWS account created the bucket). You can also use this condition to specify all sources (that is, you don't specify the SourceArn) owned by a specific account.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Pattern: \d{12}

Parameters:

sourceAccount - The AWS account ID (without a hyphen) of the source owner. For example, if the SourceArn identifies a bucket, then this is the bucket owner's account ID. You can use this additional condition to ensure the bucket you specify is owned by a specific account (it is possible the bucket owner deleted the bucket and some other AWS account created the bucket). You can also use this condition to specify all sources (that is, you don't specify the SourceArn) owned by a specific account.

Returns:

A reference to this updated object so that method calls can be chained together.

getQualifier

public String getQualifier()

You can specify this optional query parameter to specify function version or alias name. The permission will then apply to the specific qualified ARN. For example, if you specify function version 2 as the qualifier, then permission applies only when request is made using qualified function ARN:

arn:aws:lambda:aws-region:acct-id:function:function-name:2

If you specify alias name, for example "PROD", then the permission is valid only for requests made using the alias ARN:

arn:aws:lambda:aws-region:acct-id:function:function-name:PROD

If the qualifier is not specified, the permission is valid only when requests is made using unqualified function ARN.

arn:aws:lambda:aws-region:acct-id:function:function-name

Constraints:
Length: 1 - 128
Pattern: (|[a-zA-Z0-9$_]+)

Returns:

You can specify this optional query parameter to specify function version or alias name. The permission will then apply to the specific qualified ARN. For example, if you specify function version 2 as the qualifier, then permission applies only when request is made using qualified function ARN:

arn:aws:lambda:aws-region:acct-id:function:function-name:2

If you specify alias name, for example "PROD", then the permission is valid only for requests made using the alias ARN:

arn:aws:lambda:aws-region:acct-id:function:function-name:PROD

If the qualifier is not specified, the permission is valid only when requests is made using unqualified function ARN.

arn:aws:lambda:aws-region:acct-id:function:function-name

setQualifier

public void setQualifier(String qualifier)

You can specify this optional query parameter to specify function version or alias name. The permission will then apply to the specific qualified ARN. For example, if you specify function version 2 as the qualifier, then permission applies only when request is made using qualified function ARN:

arn:aws:lambda:aws-region:acct-id:function:function-name:2

If you specify alias name, for example "PROD", then the permission is valid only for requests made using the alias ARN:

arn:aws:lambda:aws-region:acct-id:function:function-name:PROD

If the qualifier is not specified, the permission is valid only when requests is made using unqualified function ARN.

arn:aws:lambda:aws-region:acct-id:function:function-name

Constraints:
Length: 1 - 128
Pattern: (|[a-zA-Z0-9$_]+)

Parameters:

qualifier - You can specify this optional query parameter to specify function version or alias name. The permission will then apply to the specific qualified ARN. For example, if you specify function version 2 as the qualifier, then permission applies only when request is made using qualified function ARN:

arn:aws:lambda:aws-region:acct-id:function:function-name:2

If you specify alias name, for example "PROD", then the permission is valid only for requests made using the alias ARN:

arn:aws:lambda:aws-region:acct-id:function:function-name:PROD

If the qualifier is not specified, the permission is valid only when requests is made using unqualified function ARN.

arn:aws:lambda:aws-region:acct-id:function:function-name

withQualifier

public AddPermissionRequest withQualifier(String qualifier)

You can specify this optional query parameter to specify function version or alias name. The permission will then apply to the specific qualified ARN. For example, if you specify function version 2 as the qualifier, then permission applies only when request is made using qualified function ARN:

arn:aws:lambda:aws-region:acct-id:function:function-name:2

If you specify alias name, for example "PROD", then the permission is valid only for requests made using the alias ARN:

arn:aws:lambda:aws-region:acct-id:function:function-name:PROD

If the qualifier is not specified, the permission is valid only when requests is made using unqualified function ARN.

arn:aws:lambda:aws-region:acct-id:function:function-name

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 1 - 128
Pattern: (|[a-zA-Z0-9$_]+)

Parameters:

qualifier - You can specify this optional query parameter to specify function version or alias name. The permission will then apply to the specific qualified ARN. For example, if you specify function version 2 as the qualifier, then permission applies only when request is made using qualified function ARN:

arn:aws:lambda:aws-region:acct-id:function:function-name:2

If you specify alias name, for example "PROD", then the permission is valid only for requests made using the alias ARN:

arn:aws:lambda:aws-region:acct-id:function:function-name:PROD

If the qualifier is not specified, the permission is valid only when requests is made using unqualified function ARN.

arn:aws:lambda:aws-region:acct-id:function:function-name

Returns:

A reference to this updated object so that method calls can be chained together.

toString

public String toString()

Returns a string representation of this object; useful for testing and debugging.

Overrides:

toString in class Object

Returns:

A string representation of this object.

See Also:

Object.toString()

hashCode

public int hashCode()

Overrides:

hashCode in class Object

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

clone

public AddPermissionRequest clone()

Overrides:

clone in class AmazonWebServiceRequest