@Generated(value="jsii-pacmak/1.63.2 (build a8a8833)", date="2022-08-08T20:48:14.714Z") @Stability(value=Stable) public interface Permission extends software.amazon.jsii.JsiiSerializable
Example:
```java
// Grant permissions to a service
Function fn;
ServicePrincipal principal = new ServicePrincipal("my-service");
fn.grantInvoke(principal);

// Equivalent to:
fn.addPermission("my-service Invocation", Permission.builder()
        .principal(principal)
        .build());
```
Modifier and Type | Interface and Description |
---|---|
static class | Permission.Builder: A builder for Permission |
static class | Permission.Jsii$Proxy: An implementation for Permission |
Modifier and Type | Method and Description |
---|---|
static Permission.Builder | builder() |
default String | getAction(): The Lambda actions that you want to allow in this statement. |
default String | getEventSourceToken(): A unique token that must be supplied by the principal invoking the function. |
default FunctionUrlAuthType | getFunctionUrlAuthType(): The authType for the function URL that you are granting permissions for. |
default String | getOrganizationId(): The organization you want to grant permissions to. |
IPrincipal | getPrincipal(): The entity for which you are granting permission to invoke the Lambda function. |
default software.constructs.Construct | getScope(): The scope to which the permission constructs will be attached. |
default String | getSourceAccount(): The AWS account ID (without hyphens) of the source owner. |
default String | getSourceArn(): The ARN of a resource that is invoking your function. |
@Stability(value=Stable) @NotNull IPrincipal getPrincipal()
This entity can be any of the following:
s3.amazonaws.com or sns.amazonaws.com
The principal can be an AccountPrincipal, an ArnPrincipal, a ServicePrincipal, or an OrganizationPrincipal.
@Stability(value=Stable) @Nullable default String getAction()
For example, you can specify lambda:CreateFunction to specify a certain action, or use a wildcard (lambda:*) to grant permission to all Lambda actions. For a list of actions, see Actions and Condition Context Keys for AWS Lambda in the IAM User Guide.
Default: 'lambda:InvokeFunction'
@Stability(value=Stable) @Nullable default String getEventSourceToken()
Default: - The caller would not need to present a token.
@Stability(value=Stable) @Nullable default FunctionUrlAuthType getFunctionUrlAuthType()
Default: - No functionUrlAuthType
@Stability(value=Stable) @Nullable default String getOrganizationId()
Use this ONLY if you need to grant permissions to a subset of the organization. If you want to grant permissions to the entire organization, sending the organization principal through the principal property will suffice.
You can use this property to ensure that all source principals are owned by a specific organization.
Default: - No organizationId
@Stability(value=Stable) @Nullable default software.constructs.Construct getScope()
The default is the Lambda function construct itself, but this would need to be different in cases such as cross-stack references where the Permissions would need to sit closer to the consumer of this permission (i.e., the caller).
Default: - The instance of lambda.IFunction
@Stability(value=Stable) @Nullable default String getSourceAccount()
For example, if you specify an S3 bucket in the SourceArn property, this value is the bucket owner's account ID. You can use this property to ensure that all source principals are owned by a specific account.
@Stability(value=Stable) @Nullable default String getSourceArn()
When granting Amazon Simple Storage Service (Amazon S3) permission to invoke your function, specify this property with the bucket ARN as its value. This ensures that only events generated from the specified bucket can invoke the function, rather than events from any bucket in any AWS account that creates a mapping to your function.
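The following added example (not part of the original reference page) shows the sourceArn and sourceAccount properties described above pinning an S3 service-principal grant to one bucket and its owning account. It assumes the CDK v2 Java package layout (software.amazon.awscdk.*); the stack, construct IDs and inline handler are hypothetical.

```java
import software.amazon.awscdk.App;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.iam.ServicePrincipal;
import software.amazon.awscdk.services.lambda.Code;
import software.amazon.awscdk.services.lambda.Function;
import software.amazon.awscdk.services.lambda.Permission;
import software.amazon.awscdk.services.lambda.Runtime;
import software.amazon.awscdk.services.s3.Bucket;

public class ScopedInvokePermission {
    public static void main(String[] args) {
        App app = new App();
        // Hypothetical stack and construct IDs, chosen for this example.
        Stack stack = new Stack(app, "PermissionExampleStack");

        Function fn = Function.Builder.create(stack, "Handler")
                .runtime(Runtime.NODEJS_16_X)
                .handler("index.handler")
                .code(Code.fromInline("exports.handler = async () => ({});"))
                .build();

        Bucket uploads = Bucket.Builder.create(stack, "Uploads").build();
        ServicePrincipal s3 = new ServicePrincipal("s3.amazonaws.com");

        // Weak form, left commented out: with only a service principal, the
        // statement carries no source condition, so events from any bucket in
        // any account that maps to this function are allowed to invoke it.
        // fn.addPermission("AnyBucketInvoke",
        //         Permission.builder().principal(s3).build());

        // Scoped form: the same principal, restricted to one bucket ARN and
        // to the account that owns it. Bucket ARNs carry no account ID, so
        // sourceAccount is what ties the grant to the bucket's current owner.
        fn.addPermission("UploadsBucketInvoke", Permission.builder()
                .principal(s3)
                .action("lambda:InvokeFunction")   // the documented default
                .sourceArn(uploads.getBucketArn())
                .sourceAccount(stack.getAccount())
                .build());

        app.synth();
    }
}
```

After synthesis, the generated AWS::Lambda::Permission resource in the template should show both SourceArn and SourceAccount; a permission with a service principal and neither property is worth flagging in review.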
@Stability(value=Stable) static Permission.Builder builder()
Permission.Builder of Permission
Copyright © 2022. All rights reserved.