UNPKG

@pulumi/aws-native

Version:

The Pulumi AWS Cloud Control Provider enables you to build, deploy, and manage [any AWS resource that's supported by the AWS Cloud Control API](https://github.com/pulumi/pulumi-aws-native/blob/master/provider/cmd/pulumi-gen-aws-native/supported-types.txt)

pulumi.com

pulumi/pulumi-aws-native

88 lines 5.71 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
"use strict"; // *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.Permission = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * The ``AWS::Lambda::Permission`` resource grants an AWS service or another account permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function. * To grant permission to another account, specify the account ID as the ``Principal``. To grant permission to an organization defined in AOlong, specify the organization ID as the ``PrincipalOrgID``. For AWS services, the principal is a domain-style identifier defined by the service, like ``s3.amazonaws.com`` or ``sns.amazonaws.com``. For AWS services, you can also specify the ARN of the associated resource as the ``SourceArn``. If you grant permission to a service principal without specifying the source, other accounts could potentially configure resources in their account to invoke your Lambda function. * If your function has a function URL, you can specify the ``FunctionUrlAuthType`` parameter. This adds a condition to your permission that only applies when your function URL's ``AuthType`` matches the specified ``FunctionUrlAuthType``. For more information about the ``AuthType`` parameter, see [Control access to function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). * This resource adds a statement to a resource-based permission policy for the function. For more information about function policies, see [Lambda Function Policies](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html). */ class Permission extends pulumi.CustomResource { /** * Get an existing Permission resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, opts) { return new Permission(name, undefined, { ...opts, id: id }); } /** * Returns true if the given object is an instance of Permission. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === Permission.__pulumiType; } /** * Create a Permission resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name, args, opts) { let resourceInputs = {}; opts = opts || {}; if (!opts.id) { if (args?.action === undefined && !opts.urn) { throw new Error("Missing required property 'action'"); } if (args?.functionName === undefined && !opts.urn) { throw new Error("Missing required property 'functionName'"); } if (args?.principal === undefined && !opts.urn) { throw new Error("Missing required property 'principal'"); } resourceInputs["action"] = args?.action; resourceInputs["eventSourceToken"] = args?.eventSourceToken; resourceInputs["functionName"] = args?.functionName; resourceInputs["functionUrlAuthType"] = args?.functionUrlAuthType; resourceInputs["invokedViaFunctionUrl"] = args?.invokedViaFunctionUrl; resourceInputs["principal"] = args?.principal; resourceInputs["principalOrgId"] = args?.principalOrgId; resourceInputs["sourceAccount"] = args?.sourceAccount; resourceInputs["sourceArn"] = args?.sourceArn; resourceInputs["awsId"] = undefined /*out*/; } else { resourceInputs["action"] = undefined /*out*/; resourceInputs["awsId"] = undefined /*out*/; resourceInputs["eventSourceToken"] = undefined /*out*/; resourceInputs["functionName"] = undefined /*out*/; resourceInputs["functionUrlAuthType"] = undefined /*out*/; resourceInputs["invokedViaFunctionUrl"] = undefined /*out*/; resourceInputs["principal"] = undefined /*out*/; resourceInputs["principalOrgId"] = undefined /*out*/; resourceInputs["sourceAccount"] = undefined /*out*/; resourceInputs["sourceArn"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); const replaceOnChanges = { replaceOnChanges: ["action", "eventSourceToken", "functionName", "functionUrlAuthType", "invokedViaFunctionUrl", "principal", "principalOrgId", "sourceAccount", "sourceArn"] }; opts = pulumi.mergeOptions(opts, replaceOnChanges); super(Permission.__pulumiType, name, resourceInputs, opts); } } exports.Permission = Permission; /** @internal */ Permission.__pulumiType = 'aws-native:lambda:Permission'; //# sourceMappingURL=permission.js.map