CfnPermissionMixinProps
- class aws_cdk.mixins_preview.aws_lambda.mixins.CfnPermissionMixinProps(*, action=None, event_source_token=None, function_name=None, function_url_auth_type=None, invoked_via_function_url=None, principal=None, principal_org_id=None, source_account=None, source_arn=None)
Bases:
objectProperties for CfnPermissionPropsMixin.
- Parameters:
action (
Optional[str]) – The action that the principal can use on the function. For example,lambda:InvokeFunctionorlambda:GetFunction.event_source_token (
Optional[str]) – For Alexa Smart Home functions, a token that the invoker must supply.function_name (
Optional[str]) – The name or ARN of the Lambda function, version, or alias. Name formats - Function name –my-function(name-only),my-function:v1(with alias). - Function ARN –arn:aws:lambda:us-west-2:123456789012:function:my-function. - Partial ARN –123456789012:function:my-function. You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.function_url_auth_type (
Optional[str]) – The type of authentication that your function URL uses. Set toAWS_IAMif you want to restrict access to authenticated users only. Set toNONEif you want to bypass IAM authentication to create a public endpoint. For more information, see Control access to Lambda function URLs .invoked_via_function_url (
Union[bool,IResolvable,None]) –Restricts the
lambda:InvokeFunctionaction to function URL calls. When specified, this option prevents the principal from invoking the function by any means other than the function URL. For more information, see Control access to Lambda function URLs .principal (
Optional[str]) – The AWS service , AWS account , IAM user, or IAM role that invokes the function. If you specify a service, useSourceArnorSourceAccountto limit who can invoke the function through that service.principal_org_id (
Optional[str]) – The identifier for your organization in AWS Organizations . Use this to grant permissions to all the AWS accounts under this organization.source_account (
Optional[str]) – For AWS service , the ID of the AWS account that owns the resource. Use this together withSourceArnto ensure that the specified account owns the resource. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account.source_arn (
Optional[str]) – For AWS services , the ARN of the AWS resource that invokes the function. For example, an Amazon S3 bucket or Amazon SNS topic. Note that Lambda configures the comparison using theStringLikeoperator.
- See:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_lambda import mixins as lambda_mixins cfn_permission_mixin_props = lambda_mixins.CfnPermissionMixinProps( action="action", event_source_token="eventSourceToken", function_name="functionName", function_url_auth_type="functionUrlAuthType", invoked_via_function_url=False, principal="principal", principal_org_id="principalOrgId", source_account="sourceAccount", source_arn="sourceArn" )
Attributes
- action
The action that the principal can use on the function.
For example,
lambda:InvokeFunctionorlambda:GetFunction.
- event_source_token
For Alexa Smart Home functions, a token that the invoker must supply.
- function_name
The name or ARN of the Lambda function, version, or alias.
Name formats - Function name –
my-function(name-only),my-function:v1(with alias).Function ARN –
arn:aws:lambda:us-west-2:123456789012:function:my-function.Partial ARN –
123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
- function_url_auth_type
The type of authentication that your function URL uses.
Set to
AWS_IAMif you want to restrict access to authenticated users only. Set toNONEif you want to bypass IAM authentication to create a public endpoint. For more information, see Control access to Lambda function URLs .
- invoked_via_function_url
Restricts the
lambda:InvokeFunctionaction to function URL calls.When specified, this option prevents the principal from invoking the function by any means other than the function URL. For more information, see Control access to Lambda function URLs .
- principal
The AWS service , AWS account , IAM user, or IAM role that invokes the function.
If you specify a service, use
SourceArnorSourceAccountto limit who can invoke the function through that service.
- principal_org_id
The identifier for your organization in AWS Organizations .
Use this to grant permissions to all the AWS accounts under this organization.
- source_account
For AWS service , the ID of the AWS account that owns the resource.
Use this together with
SourceArnto ensure that the specified account owns the resource. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account.
- source_arn
For AWS services , the ARN of the AWS resource that invokes the function.
For example, an Amazon S3 bucket or Amazon SNS topic.
Note that Lambda configures the comparison using the
StringLikeoperator.