iam-floyd
Version:
AWS IAM policy statement generator with fluent interface
1,362 lines • 145 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Lambda = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [lambda](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awslambda.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Lambda extends shared_1.PolicyStatement {
/**
* Statement provider for service [lambda](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awslambda.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid) {
super(sid);
this.servicePrefix = 'lambda';
this.accessLevelList = {
'Permissions management': [
'AddLayerVersionPermission',
'AddPermission',
'DisableReplication',
'EnableReplication',
'RemoveLayerVersionPermission',
'RemovePermission'
],
Write: [
'CheckpointDurableExecution',
'CreateAlias',
'CreateCapacityProvider',
'CreateCodeSigningConfig',
'CreateEventSourceMapping',
'CreateFunction',
'CreateFunctionUrlConfig',
'DeleteAlias',
'DeleteCapacityProvider',
'DeleteCodeSigningConfig',
'DeleteEventSourceMapping',
'DeleteFunction',
'DeleteFunctionCodeSigningConfig',
'DeleteFunctionConcurrency',
'DeleteFunctionEventInvokeConfig',
'DeleteFunctionUrlConfig',
'DeleteLayerVersion',
'DeleteProvisionedConcurrencyConfig',
'InvokeAsync',
'InvokeFunction',
'InvokeFunctionUrl',
'PassCapacityProvider',
'PublishLayerVersion',
'PublishVersion',
'PutFunctionCodeSigningConfig',
'PutFunctionConcurrency',
'PutFunctionEventInvokeConfig',
'PutFunctionRecursionConfig',
'PutFunctionScalingConfig',
'PutProvisionedConcurrencyConfig',
'PutRuntimeManagementConfig',
'SendDurableExecutionCallbackFailure',
'SendDurableExecutionCallbackHeartbeat',
'SendDurableExecutionCallbackSuccess',
'StopDurableExecution',
'UpdateAlias',
'UpdateCapacityProvider',
'UpdateCodeSigningConfig',
'UpdateEventSourceMapping',
'UpdateFunctionCode',
'UpdateFunctionCodeSigningConfig',
'UpdateFunctionConfiguration',
'UpdateFunctionEventInvokeConfig',
'UpdateFunctionUrlConfig'
],
Read: [
'GetAccountSettings',
'GetAlias',
'GetCapacityProvider',
'GetCodeSigningConfig',
'GetDurableExecution',
'GetDurableExecutionHistory',
'GetDurableExecutionState',
'GetEventSourceMapping',
'GetFunction',
'GetFunctionCodeSigningConfig',
'GetFunctionConcurrency',
'GetFunctionConfiguration',
'GetFunctionEventInvokeConfig',
'GetFunctionRecursionConfig',
'GetFunctionScalingConfig',
'GetFunctionUrlConfig',
'GetLayerVersion',
'GetLayerVersionPolicy',
'GetPolicy',
'GetProvisionedConcurrencyConfig',
'GetRuntimeManagementConfig',
'ListTags'
],
List: [
'ListAliases',
'ListCapacityProviders',
'ListCodeSigningConfigs',
'ListDurableExecutionsByFunction',
'ListEventSourceMappings',
'ListFunctionEventInvokeConfigs',
'ListFunctionUrlConfigs',
'ListFunctionVersionsByCapacityProvider',
'ListFunctions',
'ListFunctionsByCodeSigningConfig',
'ListLayerVersions',
'ListLayers',
'ListProvisionedConcurrencyConfigs',
'ListVersionsByFunction'
],
Tagging: [
'TagResource',
'UntagResource'
]
};
}
/**
* Grants permission to add permissions to the resource-based policy of a version of an AWS Lambda layer
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_AddLayerVersionPermission.html
*/
toAddLayerVersionPermission() {
return this.to('AddLayerVersionPermission');
}
/**
* Grants permission to give an AWS service or another account permission to use an AWS Lambda function
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifPrincipal()
* - .ifFunctionUrlAuthType()
* - .ifInvokedViaFunctionUrl()
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html
*/
toAddPermission() {
return this.to('AddPermission');
}
/**
* Grants permission to save the progress of an AWS Lambda durable execution
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_CheckpointDurableExecution.html
*/
toCheckpointDurableExecution() {
return this.to('CheckpointDurableExecution');
}
/**
* Grants permission to create an alias for a Lambda function version
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_CreateAlias.html
*/
toCreateAlias() {
return this.to('CreateAlias');
}
/**
* Grants permission to create an AWS Lambda capacity provider
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifSecurityGroupIds()
* - .ifSubnetIds()
*
* Dependent actions:
* - iam:CreateServiceLinkedRole
* - iam:PassRole
* - kms:DescribeKey
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_CreateCapacityProvider.html
*/
toCreateCapacityProvider() {
return this.to('CreateCapacityProvider');
}
/**
* Grants permission to create an AWS Lambda code signing config
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_CreateCodeSigningConfig.html
*/
toCreateCodeSigningConfig() {
return this.to('CreateCodeSigningConfig');
}
/**
* Grants permission to create a mapping between an event source and an AWS Lambda function
*
* Access Level: Write
*
* Possible conditions:
* - .ifFunctionArn()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_CreateEventSourceMapping.html
*/
toCreateEventSourceMapping() {
return this.to('CreateEventSourceMapping');
}
/**
* Grants permission to create an AWS Lambda function
*
* Access Level: Write
*
* Possible conditions:
* - .ifLayer()
* - .ifVpcIds()
* - .ifSubnetIds()
* - .ifSecurityGroupIds()
* - .ifCodeSigningConfigArn()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - iam:PassRole
* - lambda:PassCapacityProvider
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html
*/
toCreateFunction() {
return this.to('CreateFunction');
}
/**
* Grants permission to create a function url configuration for a Lambda function
*
* Access Level: Write
*
* Possible conditions:
* - .ifFunctionUrlAuthType()
* - .ifFunctionArn()
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunctionUrlConfig.html
*/
toCreateFunctionUrlConfig() {
return this.to('CreateFunctionUrlConfig');
}
/**
* Grants permission to delete an AWS Lambda function alias
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteAlias.html
*/
toDeleteAlias() {
return this.to('DeleteAlias');
}
/**
* Grants permission to delete an AWS Lambda capacity provider
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteCapacityProvider.html
*/
toDeleteCapacityProvider() {
return this.to('DeleteCapacityProvider');
}
/**
* Grants permission to delete an AWS Lambda code signing config
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteCodeSigningConfig.html
*/
toDeleteCodeSigningConfig() {
return this.to('DeleteCodeSigningConfig');
}
/**
* Grants permission to delete an AWS Lambda event source mapping
*
* Access Level: Write
*
* Possible conditions:
* - .ifFunctionArn()
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteEventSourceMapping.html
*/
toDeleteEventSourceMapping() {
return this.to('DeleteEventSourceMapping');
}
/**
* Grants permission to delete an AWS Lambda function
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteFunction.html
*/
toDeleteFunction() {
return this.to('DeleteFunction');
}
/**
* Grants permission to detach a code signing config from an AWS Lambda function
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteFunctionCodeSigningConfig.html
*/
toDeleteFunctionCodeSigningConfig() {
return this.to('DeleteFunctionCodeSigningConfig');
}
/**
* Grants permission to remove a concurrent execution limit from an AWS Lambda function
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteFunctionConcurrency.html
*/
toDeleteFunctionConcurrency() {
return this.to('DeleteFunctionConcurrency');
}
/**
* Grants permission to delete the configuration for asynchronous invocation for an AWS Lambda function, version, or alias
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteFunctionEventInvokeConfig.html
*/
toDeleteFunctionEventInvokeConfig() {
return this.to('DeleteFunctionEventInvokeConfig');
}
/**
* Grants permission to delete function url configuration for a Lambda function
*
* Access Level: Write
*
* Possible conditions:
* - .ifFunctionUrlAuthType()
* - .ifFunctionArn()
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteFunctionUrlConfig.html
*/
toDeleteFunctionUrlConfig() {
return this.to('DeleteFunctionUrlConfig');
}
/**
* Grants permission to delete a version of an AWS Lambda layer
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteLayerVersion.html
*/
toDeleteLayerVersion() {
return this.to('DeleteLayerVersion');
}
/**
* Grants permission to delete the provisioned concurrency configuration for an AWS Lambda function
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteProvisionedConcurrencyConfig.html
*/
toDeleteProvisionedConcurrencyConfig() {
return this.to('DeleteProvisionedConcurrencyConfig');
}
/**
* Grants permission to disable replication for a Lambda@Edge function
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-permissions.html
*/
toDisableReplication() {
return this.to('DisableReplication');
}
/**
* Grants permission to enable replication for a Lambda@Edge function
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-permissions.html
*/
toEnableReplication() {
return this.to('EnableReplication');
}
/**
* Grants permission to view details about an account's limits and usage in an AWS Region
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetAccountSettings.html
*/
toGetAccountSettings() {
return this.to('GetAccountSettings');
}
/**
* Grants permission to view details about an AWS Lambda function alias
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetAlias.html
*/
toGetAlias() {
return this.to('GetAlias');
}
/**
* Grants permission to view details about an AWS Lambda capacity provider
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetCapacityProvider.html
*/
toGetCapacityProvider() {
return this.to('GetCapacityProvider');
}
/**
* Grants permission to view details about an AWS Lambda code signing config
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetCodeSigningConfig.html
*/
toGetCodeSigningConfig() {
return this.to('GetCodeSigningConfig');
}
/**
* Grants permission to view details of an AWS Lambda durable execution
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetDurableExecution.html
*/
toGetDurableExecution() {
return this.to('GetDurableExecution');
}
/**
* Grants permission to view execution history of an AWS Lambda durable execution
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetDurableExecutionHistory.html
*/
toGetDurableExecutionHistory() {
return this.to('GetDurableExecutionHistory');
}
/**
* Grants permission to view current state of an AWS Lambda durable execution
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetDurableExecutionState.html
*/
toGetDurableExecutionState() {
return this.to('GetDurableExecutionState');
}
/**
* Grants permission to view details about an AWS Lambda event source mapping
*
* Access Level: Read
*
* Possible conditions:
* - .ifFunctionArn()
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetEventSourceMapping.html
*/
toGetEventSourceMapping() {
return this.to('GetEventSourceMapping');
}
/**
* Grants permission to view details about an AWS Lambda function
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunction.html
*/
toGetFunction() {
return this.to('GetFunction');
}
/**
* Grants permission to view the code signing config arn attached to an AWS Lambda function
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionCodeSigningConfig.html
*/
toGetFunctionCodeSigningConfig() {
return this.to('GetFunctionCodeSigningConfig');
}
/**
* Grants permission to view details about the reserved concurrency configuration for a function
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionConcurrency.html
*/
toGetFunctionConcurrency() {
return this.to('GetFunctionConcurrency');
}
/**
* Grants permission to view details about the version-specific settings of an AWS Lambda function or version
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionConfiguration.html
*/
toGetFunctionConfiguration() {
return this.to('GetFunctionConfiguration');
}
/**
* Grants permission to view the configuration for asynchronous invocation for a function, version, or alias
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionEventInvokeConfig.html
*/
toGetFunctionEventInvokeConfig() {
return this.to('GetFunctionEventInvokeConfig');
}
/**
* Grants permission to view the recursion configuration of an AWS Lambda function
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionRecursionConfig.html
*/
toGetFunctionRecursionConfig() {
return this.to('GetFunctionRecursionConfig');
}
/**
* Grants permission to view the scaling configuration of an AWS Lambda function running on a capacity provider
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionScalingConfig.html
*/
toGetFunctionScalingConfig() {
return this.to('GetFunctionScalingConfig');
}
/**
* Grants permission to read function url configuration for a Lambda function
*
* Access Level: Read
*
* Possible conditions:
* - .ifFunctionUrlAuthType()
* - .ifFunctionArn()
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionUrlConfig.html
*/
toGetFunctionUrlConfig() {
return this.to('GetFunctionUrlConfig');
}
/**
* Grants permission to view details about a version of an AWS Lambda layer. Note this action also supports GetLayerVersionByArn API
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetLayerVersion.html
*/
toGetLayerVersion() {
return this.to('GetLayerVersion');
}
/**
* Grants permission to view the resource-based policy for a version of an AWS Lambda layer
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetLayerVersionPolicy.html
*/
toGetLayerVersionPolicy() {
return this.to('GetLayerVersionPolicy');
}
/**
* Grants permission to view the resource-based policy for an AWS Lambda function, version, or alias
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetPolicy.html
*/
toGetPolicy() {
return this.to('GetPolicy');
}
/**
* Grants permission to view the provisioned concurrency configuration for an AWS Lambda function's alias or version
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetProvisionedConcurrencyConfig.html
*/
toGetProvisionedConcurrencyConfig() {
return this.to('GetProvisionedConcurrencyConfig');
}
/**
* Grants permission to view the runtime management configuration of an AWS Lambda function
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_GetRuntimeManagementConfig.html
*/
toGetRuntimeManagementConfig() {
return this.to('GetRuntimeManagementConfig');
}
/**
* Grants permission to invoke a function asynchronously (Deprecated)
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_InvokeAsync.html
*/
toInvokeAsync() {
return this.to('InvokeAsync');
}
/**
* Grants permission to invoke an AWS Lambda function
*
* Access Level: Write
*
* Possible conditions:
* - .ifEventSourceToken()
* - .ifInvokedViaFunctionUrl()
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_Invoke.html
*/
toInvokeFunction() {
return this.to('InvokeFunction');
}
/**
* Grants permission to invoke an AWS Lambda function through url
*
* Access Level: Write
*
* Possible conditions:
* - .ifFunctionUrlAuthType()
* - .ifFunctionArn()
* - .ifEventSourceToken()
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_InvokeFunctionUrl.html
*/
toInvokeFunctionUrl() {
return this.to('InvokeFunctionUrl');
}
/**
* Grants permission to retrieve a list of aliases for an AWS Lambda function
*
* Access Level: List
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_ListAliases.html
*/
toListAliases() {
return this.to('ListAliases');
}
/**
* Grants permission to retrieve a list of AWS Lambda capacity providers
*
* Access Level: List
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_ListCapacityProviders.html
*/
toListCapacityProviders() {
return this.to('ListCapacityProviders');
}
/**
* Grants permission to retrieve a list of AWS Lambda code signing configs
*
* Access Level: List
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_ListCodeSigningConfigs.html
*/
toListCodeSigningConfigs() {
return this.to('ListCodeSigningConfigs');
}
/**
* Grants permission to retrieve a list of AWS Lambda durable executions of an AWS Lambda function
*
* Access Level: List
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_ListDurableExecutionsByFunction.html
*/
toListDurableExecutionsByFunction() {
return this.to('ListDurableExecutionsByFunction');
}
/**
* Grants permission to retrieve a list of AWS Lambda event source mappings
*
* Access Level: List
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_ListEventSourceMappings.html
*/
toListEventSourceMappings() {
return this.to('ListEventSourceMappings');
}
/**
* Grants permission to retrieve a list of configurations for asynchronous invocation for a function
*
* Access Level: List
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_ListFunctionEventInvokeConfigs.html
*/
toListFunctionEventInvokeConfigs() {
return this.to('ListFunctionEventInvokeConfigs');
}
/**
* Grants permission to read function url configurations for a function
*
* Access Level: List
*
* Possible conditions:
* - .ifFunctionUrlAuthType()
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_ListFunctionUrlConfigs.html
*/
toListFunctionUrlConfigs() {
return this.to('ListFunctionUrlConfigs');
}
/**
* Grants permission to retrieve a list of AWS Lambda function versions by the capacity provider assigned
*
* Access Level: List
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_ListFunctionVersionsByCapacityProvider.html
*/
toListFunctionVersionsByCapacityProvider() {
return this.to('ListFunctionVersionsByCapacityProvider');
}
/**
* Grants permission to retrieve a list of AWS Lambda functions, with the version-specific configuration of each function
*
* Access Level: List
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_ListFunctions.html
*/
toListFunctions() {
return this.to('ListFunctions');
}
/**
* Grants permission to retrieve a list of AWS Lambda functions by the code signing config assigned
*
* Access Level: List
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_ListFunctionsByCodeSigningConfig.html
*/
toListFunctionsByCodeSigningConfig() {
return this.to('ListFunctionsByCodeSigningConfig');
}
/**
* Grants permission to retrieve a list of versions of an AWS Lambda layer
*
* Access Level: List
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_ListLayerVersions.html
*/
toListLayerVersions() {
return this.to('ListLayerVersions');
}
/**
* Grants permission to retrieve a list of AWS Lambda layers, with details about the latest version of each layer
*
* Access Level: List
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_ListLayers.html
*/
toListLayers() {
return this.to('ListLayers');
}
/**
* Grants permission to retrieve a list of provisioned concurrency configurations for an AWS Lambda function
*
* Access Level: List
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_ListProvisionedConcurrencyConfigs.html
*/
toListProvisionedConcurrencyConfigs() {
return this.to('ListProvisionedConcurrencyConfigs');
}
/**
* Grants permission to retrieve a list of tags for an AWS Lambda function, event source mapping, capacity provider, or code signing configuration resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_ListTags.html
*/
toListTags() {
return this.to('ListTags');
}
/**
* Grants permission to retrieve a list of versions for an AWS Lambda function
*
* Access Level: List
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_ListVersionsByFunction.html
*/
toListVersionsByFunction() {
return this.to('ListVersionsByFunction');
}
/**
* Grants permission to pass an AWS Lambda capacity provider to a service
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/lambda-permissions.html
*/
toPassCapacityProvider() {
return this.to('PassCapacityProvider');
}
/**
* Grants permission to create an AWS Lambda layer
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_PublishLayerVersion.html
*/
toPublishLayerVersion() {
return this.to('PublishLayerVersion');
}
/**
* Grants permission to create an AWS Lambda function version
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_PublishVersion.html
*/
toPublishVersion() {
return this.to('PublishVersion');
}
/**
* Grants permission to attach a code signing config to an AWS Lambda function
*
* Access Level: Write
*
* Possible conditions:
* - .ifCodeSigningConfigArn()
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_PutFunctionCodeSigningConfig.html
*/
toPutFunctionCodeSigningConfig() {
return this.to('PutFunctionCodeSigningConfig');
}
/**
* Grants permission to configure reserved concurrency for an AWS Lambda function
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_PutFunctionConcurrency.html
*/
toPutFunctionConcurrency() {
return this.to('PutFunctionConcurrency');
}
/**
* Grants permission to configures options for asynchronous invocation on an AWS Lambda function, version, or alias
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_PutFunctionEventInvokeConfig.html
*/
toPutFunctionEventInvokeConfig() {
return this.to('PutFunctionEventInvokeConfig');
}
/**
* Grants permission to update the recursion configuration of an AWS Lambda function
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_PutFunctionRecursionConfig.html
*/
toPutFunctionRecursionConfig() {
return this.to('PutFunctionRecursionConfig');
}
/**
* Grants permission to update the scaling configuration of an AWS Lambda function running on a capacity provider
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_PutFunctionScalingConfig.html
*/
toPutFunctionScalingConfig() {
return this.to('PutFunctionScalingConfig');
}
/**
* Grants permission to configure provisioned concurrency for an AWS Lambda function's alias or version
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_PutProvisionedConcurrencyConfig.html
*/
toPutProvisionedConcurrencyConfig() {
return this.to('PutProvisionedConcurrencyConfig');
}
/**
* Grants permission to update the runtime management configuration of an AWS Lambda function
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_PutRuntimeManagementConfig.html
*/
toPutRuntimeManagementConfig() {
return this.to('PutRuntimeManagementConfig');
}
/**
* Grants permission to remove a statement from the permissions policy for a version of an AWS Lambda layer
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_RemoveLayerVersionPermission.html
*/
toRemoveLayerVersionPermission() {
return this.to('RemoveLayerVersionPermission');
}
/**
* Grants permission to revoke function-use permission from an AWS service or another account
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifPrincipal()
* - .ifFunctionUrlAuthType()
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_RemovePermission.html
*/
toRemovePermission() {
return this.to('RemovePermission');
}
/**
* Grants permission to send a failure response for a callback operation in an AWS Lambda durable execution
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_SendDurableExecutionCallbackFailure.html
*/
toSendDurableExecutionCallbackFailure() {
return this.to('SendDurableExecutionCallbackFailure');
}
/**
* Grants permission to send a heartbeat for a callback operation in an AWS Lambda durable execution
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_SendDurableExecutionCallbackHeartbeat.html
*/
toSendDurableExecutionCallbackHeartbeat() {
return this.to('SendDurableExecutionCallbackHeartbeat');
}
/**
* Grants permission to send a successful response for a callback operation in an AWS Lambda durable execution
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_SendDurableExecutionCallbackSuccess.html
*/
toSendDurableExecutionCallbackSuccess() {
return this.to('SendDurableExecutionCallbackSuccess');
}
/**
* Grants permission to stop an AWS Lambda durable execution
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_StopDurableExecution.html
*/
toStopDurableExecution() {
return this.to('StopDurableExecution');
}
/**
* Grants permission to add tags to an AWS Lambda function, event source mapping, capacity provider, or code signing configuration resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_TagResources.html
*/
toTagResource() {
return this.to('TagResource');
}
/**
* Grants permission to remove tags from an AWS Lambda function, event source mapping, capacity provider, or code signing configuration resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_UntagResource.html
*/
toUntagResource() {
return this.to('UntagResource');
}
/**
* Grants permission to update the configuration of an AWS Lambda function's alias
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_UpdateAlias.html
*/
toUpdateAlias() {
return this.to('UpdateAlias');
}
/**
* Grants permission to update an AWS Lambda capacity provider
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_UpdateCapacityProvider.html
*/
toUpdateCapacityProvider() {
return this.to('UpdateCapacityProvider');
}
/**
* Grants permission to update an AWS Lambda code signing config
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_UpdateCodeSigningConfig.html
*/
toUpdateCodeSigningConfig() {
return this.to('UpdateCodeSigningConfig');
}
/**
* Grants permission to update the configuration of an AWS Lambda event source mapping
*
* Access Level: Write
*
* Possible conditions:
* - .ifFunctionArn()
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_UpdateEventSourceMapping.html
*/
toUpdateEventSourceMapping() {
return this.to('UpdateEventSourceMapping');
}
/**
* Grants permission to update the code of an AWS Lambda function
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_UpdateFunctionCode.html
*/
toUpdateFunctionCode() {
return this.to('UpdateFunctionCode');
}
/**
* Grants permission to update the code signing config of an AWS Lambda function
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_UpdateFunctionCodeSigningConfig.html
*/
toUpdateFunctionCodeSigningConfig() {
return this.to('UpdateFunctionCodeSigningConfig');
}
/**
* Grants permission to modify the version-specific settings of an AWS Lambda function
*
* Access Level: Write
*
* Possible conditions:
* - .ifLayer()
* - .ifVpcIds()
* - .ifSubnetIds()
* - .ifSecurityGroupIds()
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_UpdateFunctionConfiguration.html
*/
toUpdateFunctionConfiguration() {
return this.to('UpdateFunctionConfiguration');
}
/**
* Grants permission to modify the configuration for asynchronous invocation for an AWS Lambda function, version, or alias
*
* Access Level: Write
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_UpdateFunctionEventInvokeConfig.html
*/
toUpdateFunctionEventInvokeConfig() {
return this.to('UpdateFunctionEventInvokeConfig');
}
/**
* Grants permission to update a function url configuration for a Lambda function
*
* Access Level: Write
*
* Possible conditions:
* - .ifFunctionUrlAuthType()
* - .ifFunctionArn()
*
* https://docs.aws.amazon.com/lambda/latest/dg/API_UpdateFunctionUrlConfig.html
*/
toUpdateFunctionUrlConfig() {
return this.to('UpdateFunctionUrlConfig');
}
/**
* Adds a resource of type capacityProvider to the statement
*
* https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
*
* @param capacityProviderName - Identifier for the capacityProviderName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onCapacityProvider(capacityProviderName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:lambda:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:capacity-provider:${capacityProviderName}`);
}
/**
* Adds a resource of type code signing config to the statement
*
* https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
*
* @param codeSigningConfigId - Identifier for the codeSigningConfigId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onCodeSigningConfig(codeSigningConfigId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:lambda:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:code-signing-config:${codeSigningConfigId}`);
}
/**
* Adds a resource of type durable execution to the statement
*
* https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
*
* @param functionName - Identifier for the functionName.
* @param version - Identifier for the version.
* @param executionName - Identifier for the executionName.
* @param executionId - Identifier for the executionId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onDurableExecution(functionName, version, executionName, executionId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:lambda:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:function:${functionName}:${version}/durable-execution/${executionName}/${executionId}`);
}
/**
* Adds a resource of type eventSourceMapping to the statement
*
* https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
*
* @param uUID - Identifier for the uUID.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onEventSourceMapping(uUID, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:lambda:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:event-source-mapping:${uUID}`);
}
/**
* Adds a resource of type function to the statement
*
* https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
*
* @param functionName - Identifier for the functionName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onFunction(functionName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:lambda:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:function:${functionName}`);
}
/**
* Adds a resource of type function alias to the statement
*
* https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
*
* @param functionName - Identifier for the functionName.
* @param alias - Identifier for the alias.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onFunctionAlias(functionName, alias, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:lambda:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:function:${functionName}:${alias}`);
}
/**
* Adds a resource of type function version to the statement
*
* https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
*
* @param functionName - Identifier for the functionName.
* @param version - Identifier for the version.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onFunctionVersion(functionName, version, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:lambda:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:function:${functionName}:${version}`);
}
/**
* Adds a resource of type layer to the statement
*
* https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
*
* @param layerName - Identifier for the layerName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onLayer(layerName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:lambda:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:layer:${layerName}`);
}
/**
* Adds a resource of type layerVersion to the statement
*
* https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
*
* @param layerName - Identifier for the layerName.
* @param layerVersion - Identifier for the layerVersion.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onLayerVersion(layerName, layerVersion, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:lambda:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:layer:${layerName}:${layerVersion}`);
}
/**
* Filters access by the tags that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCreateCapacityProvider()
* - .toCreateCodeSigningConfig()
* - .toCreateEventSourceMapping()
* - .toCreateFunction()
* - .toTagResource()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey, value, operator) {
return this.if(`aws:RequestTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tags associated with the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to resource types:
* - capacityProvider
* - code signing config
* - eventSourceMapping
* - function
* - function alias
* - function version
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey, value, operator) {
return this.if(`aws:ResourceTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tag keys that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCreateCapacityProvider()
* - .toCreateCodeSigningConfig()
* - .toCreateEventSourceMapping()
* - .toCreateFunction()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value, operator) {
return this.if(`aws:TagKeys`, value, operator ?? 'StringLike');
}
/**
* Filters access by the ARN of an AWS Lambda code signing config
*
* https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
*
* Applies to actions:
* - .toCreateFunction()
* - .toPutFunctionCodeSigningConfig()
*
* @param value The value(s) to check
* @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
*/
ifCodeSigningConfigArn(value, operator) {
return this.if(`CodeSigningConfigArn`, value, operator ?? 'ArnLike');
}
/**
* Filters access by the ID from a non-AWS event source configured for the AWS Lambda function
*
* https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
*
* Applies to actions:
* - .toInvokeFunction()
* - .toInvokeFunctionUrl()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifEventSourceToken(value, operator) {
return this.if(`EventSourceToken`, value, operator ?? 'StringLike');
}
/**
* Filters access by the ARN of an AWS Lambda function
*
* https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
*
* Applies to actions:
* - .toCreateEventSourceMapping()
* - .toCreateFunctionUrlConfig()
* - .toDeleteEventSourceMapping()
* - .toDeleteFunctionUrlConfig()
* - .toGetEventSourceMapping()
* - .toGetFunctionUrlConfig()
* - .toInvokeFunctionUrl()
* - .toUpdateEventSourceMapping()
* - .toUpdateFunctionUrlConfig()
*
* @param value The value(s) to check
* @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
*/
ifFunctionArn(value, operator) {
return this.if(`FunctionArn`, value, operator ?? 'ArnLike');
}
/**
* Filters access by authorization type specified in request. Available during CreateFunctionUrlConfig, UpdateFunctionUrlConfig, DeleteFunctionUrlConfig, GetFunctionUrlConfig, ListFunctionUrlConfig, AddPermission and RemovePermission operations
*
* https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
*
* Applies to actions:
* - .toAddPermission()
* - .toCreateFunctionUrlConfig()
* - .toDeleteFunctionUrlConfig()
* - .toGetFunctionUrlConfig()
* - .toInvokeFunctionUrl()
* - .toListFunctionUrlConfigs()
* - .toRemovePermission()
* - .toUpdateFunctionUrlConfig()
*
* @param value The value(s) to check
* @param operator Wo