Class CfnPermissionProps
Properties for defining a CfnPermission.
Implements
Inherited Members
Namespace: Amazon.CDK.AWS.Lambda
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class CfnPermissionProps : ICfnPermissionPropsSyntax (vb)
Public Class CfnPermissionProps Implements ICfnPermissionPropsRemarks
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.Lambda;
var cfnPermissionProps = new CfnPermissionProps {
Action = "action",
FunctionName = "functionName",
Principal = "principal",
// the properties below are optional
EventSourceToken = "eventSourceToken",
FunctionUrlAuthType = "functionUrlAuthType",
PrincipalOrgId = "principalOrgId",
SourceAccount = "sourceAccount",
SourceArn = "sourceArn"
};Synopsis
Constructors
| CfnPermissionProps() | Properties for defining a |
Properties
| Action | The action that the principal can use on the function. |
| EventSourceToken | For Alexa Smart Home functions, a token that the invoker must supply. |
| FunctionName | The name or ARN of the Lambda function, version, or alias. |
| FunctionUrlAuthType | The type of authentication that your function URL uses. |
| Principal | The AWS service , AWS account , IAM user, or IAM role that invokes the function. |
| PrincipalOrgId | The identifier for your organization in AWS Organizations . |
| SourceAccount | For AWS service , the ID of the AWS account that owns the resource. |
| SourceArn | For AWS services , the ARN of the AWS resource that invokes the function. |
Constructors
CfnPermissionProps()
Properties for defining a CfnPermission.
public CfnPermissionProps()Remarks
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.Lambda;
var cfnPermissionProps = new CfnPermissionProps {
Action = "action",
FunctionName = "functionName",
Principal = "principal",
// the properties below are optional
EventSourceToken = "eventSourceToken",
FunctionUrlAuthType = "functionUrlAuthType",
PrincipalOrgId = "principalOrgId",
SourceAccount = "sourceAccount",
SourceArn = "sourceArn"
};Properties
Action
The action that the principal can use on the function.
public string Action { get; set; }Property Value
Remarks
For example, lambda:InvokeFunction or lambda:GetFunction .
EventSourceToken
For Alexa Smart Home functions, a token that the invoker must supply.
public string? EventSourceToken { get; set; }Property Value
Remarks
FunctionName
The name or ARN of the Lambda function, version, or alias.
public string FunctionName { get; set; }Property Value
Remarks
Name formats - Function name – my-function (name-only), my-function:v1 (with alias).
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
FunctionUrlAuthType
The type of authentication that your function URL uses.
public string? FunctionUrlAuthType { get; set; }Property Value
Remarks
Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see Security and auth model for Lambda function URLs .
Principal
The AWS service , AWS account , IAM user, or IAM role that invokes the function.
public string Principal { get; set; }Property Value
Remarks
If you specify a service, use SourceArn or SourceAccount to limit who can invoke the function through that service.
PrincipalOrgId
The identifier for your organization in AWS Organizations .
public string? PrincipalOrgId { get; set; }Property Value
Remarks
Use this to grant permissions to all the AWS accounts under this organization.
SourceAccount
For AWS service , the ID of the AWS account that owns the resource.
public string? SourceAccount { get; set; }Property Value
Remarks
Use this together with SourceArn to ensure that the specified account owns the resource. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account.
SourceArn
For AWS services , the ARN of the AWS resource that invokes the function.
public string? SourceArn { get; set; }Property Value
Remarks
For example, an Amazon S3 bucket or Amazon SNS topic.
Note that Lambda configures the comparison using the StringLike operator.