function_permission

State module for managing Lambda function permissions.

async idem_aws.states.aws.lambda_aws.function_permission.present(hub, ctx, name: str, action: str, function_name: str, principal: str, source_arn: Optional[str] = None, source_account: Optional[str] = None, resource_id: Optional[str] = None, event_source_token: Optional[str] = None, qualifier: Optional[str] = None, revision_id: Optional[str] = None, principal_org_id: Optional[str] = None, function_url_auth_type: Optional[str] = None) -> Dict[str, Any]

Add the specified permission to the Lambda function.

Parameters:
  • name (str) – Name/Id of the statement/permission

  • action (str) – The action that the principal can use on the function. For example, lambda:InvokeFunction or lambda:GetFunction.

  • function_name (str) –

    The name of the Lambda function, version, or alias.
    Name formats
    • Function name - my-function (name-only), my-function:v1 (with alias).

    • Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function.

    • Partial ARN - 123456789012:function:my-function.

  • principal (str) – The Amazon Web Services service or account that invokes the function. If you specify a service, use source_arn or source_account to limit who can invoke the function through that service.

  • source_arn (str, Optional) – For Amazon Web Services services, the ARN of the Amazon Web Services resource that invokes the function. For example, an Amazon S3 bucket or Amazon SNS topic.

  • source_account (str, Optional) – For Amazon S3, the ID of the account that owns the resource. Use this together with source_arn to ensure that the resource is owned by the specified account. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account.

  • resource_id (str, Optional) – Name/Id of the statement/permission

  • event_source_token (str, Optional) – For Alexa Smart Home functions, a token that must be supplied by the invoker.

  • qualifier (str, Optional) – Specify a version or alias to add permissions to a published version of the function.

  • revision_id (str, Optional) – Only update the policy if the revision ID matches the ID that’s specified. Use this option to avoid modifying a policy that has changed since you last read it.

  • principal_org_id (str, Optional) – The identifier for your organization in Organizations. Use this to grant permissions to all the Amazon Web Services accounts under this organization.

  • function_url_auth_type (str, Optional) – The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated IAM users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint.

Request Syntax:
[statement_id]:
  aws.lambda_aws.function_permission.present:
    - name: 'string'
    - resource_id: 'string'
    - action: 'string'
    - function_name: 'string'
    - principal: 'string'

Returns:

Dict[str, Any]

Examples

test_idem_lambda_function_statement:
  aws.lambda_aws.function_permission.present:
    - action: lambda:GetAlias
    - effect: Allow
    - function_name: ecd17a181d6588e27c976cdeff501e90750b0dcafebba907cc4aab3c
    - name: test-001
    - principal:
          "AWS: AIDAX2FJ77DC2AS7BAPBU"
    - resource_id: test-001
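
The source restrictions and function_url_auth_type values described in the parameters above can be checked before a state file is applied. The following is an added example, not part of idem-aws: a small audit over already-parsed SLS data. The sample states, finding codes, helper names, and the ".amazonaws.com" service-principal heuristic are assumptions made for illustration.

```python
STATE = "aws.lambda_aws.function_permission.present"

def _params(arg_list):
    """Merge the SLS list of single-key mappings into one dict."""
    merged = {}
    for item in arg_list or []:
        merged.update(item)
    return merged

def audit(sls):
    """Return (state_id, finding) pairs for parsed SLS data."""
    findings = []
    for state_id, body in sls.items():
        if STATE not in body:
            continue
        p = _params(body[STATE])
        principal = str(p.get("principal", ""))
        src_arn = p.get("source_arn") or ""
        src_acct = p.get("source_account")
        # Heuristic (assumption): service principals end in ".amazonaws.com".
        if principal.endswith(".amazonaws.com") and not (src_arn or src_acct):
            findings.append((state_id, "SERVICE_UNSCOPED"))
        # S3 ARNs carry no account ID, so a recreated bucket keeps the same ARN.
        if src_arn.split(":")[2:3] == ["s3"] and not src_acct:
            findings.append((state_id, "S3_NO_SOURCE_ACCOUNT"))
        # NONE bypasses IAM authentication and creates a public endpoint.
        if p.get("function_url_auth_type") == "NONE":
            findings.append((state_id, "PUBLIC_FUNCTION_URL"))
    return findings

def _state(**kw):
    """Build one state body in the list-of-mappings shape SLS uses."""
    return {STATE: [{k: v} for k, v in kw.items()]}

# Constructed sample, shaped like a YAML-parsed SLS file (not real resources).
_S3 = dict(action="lambda:InvokeFunction", function_name="my-function", principal="s3.amazonaws.com")
SAMPLE_SLS = {
    "s3-unscoped": _state(name="s3-unscoped", **_S3),
    "s3-arn-only": _state(name="s3-arn-only", source_arn="arn:aws:s3:::example-bucket", **_S3),
    "s3-scoped": _state(name="s3-scoped", source_arn="arn:aws:s3:::example-bucket",
                        source_account="123456789012", **_S3),
    "public-url": _state(name="public-url", action="lambda:InvokeFunctionUrl",
                         function_name="my-function", principal="*",
                         function_url_auth_type="NONE"),
}

if __name__ == "__main__":
    for state_id, finding in audit(SAMPLE_SLS):
        print(f"{state_id}: {finding}")
```
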

async idem_aws.states.aws.lambda_aws.function_permission.absent(hub, ctx, name: str, function_name: str, resource_id: Optional[str] = None) -> Dict[str, Any]

Remove the specified permission from the Lambda function.

Parameters:
  • name (str) – Name/Id of the statement/permission

  • function_name (str) –

    The name of the Lambda function, version, or alias.
    Name formats
    • Function name - my-function (name-only), my-function:v1 (with alias).

    • Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function.

    • Partial ARN - 123456789012:function:my-function.

  • resource_id (str, Optional) – Name/Id of the statement/permission

Request Syntax:
[statement_id]:
  aws.lambda_aws.function_permission.absent:
    - name: 'string'
    - function_name: 'string'

Returns:

Dict[str, Any]

Examples

test_idem_lambda_function_statement:
  aws.lambda_aws.function_permission.absent:
  - name: test-001
  - function_name: ecd17a181d6588e27c976cdeff501e90750b0dcafebba907cc4aab3c

async idem_aws.states.aws.lambda_aws.function_permission.describe(hub, ctx) -> Dict[str, Dict[str, Any]]

Returns the permissions associated with each Lambda function.

Returns:

Dict[str, Dict[str, Any]]

Examples

$ idem describe aws.lambda_aws.function_permission