Class: AWSCDK::Lambda::Permission
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::Lambda::Permission
- Defined in:
- lambda/permission.rb
Overview
Represents a permission statement that can be added to a Lambda function's resource policy via the addPermission() method.
Instance Attribute Summary collapse
-
#action ⇒ String?
readonly
The Lambda actions that you want to allow in this statement.
-
#event_source_token ⇒ String?
readonly
A unique token that must be supplied by the principal invoking the function.
-
#function_url_auth_type ⇒ AWSCDK::Lambda::FunctionURLAuthType?
readonly
The authType for the function URL that you are granting permissions for.
-
#invoked_via_function_url ⇒ Boolean?
readonly
The condition key for limiting the scope of lambda:InvokeFunction action to Function URL only.
-
#organization_id ⇒ String?
readonly
The organization you want to grant permissions to.
-
#principal ⇒ AWSCDK::IAM::IPrincipal
readonly
The entity for which you are granting permission to invoke the Lambda function.
-
#scope ⇒ Constructs::Construct?
readonly
The scope to which the permission constructs be attached.
-
#source_account ⇒ String?
readonly
The AWS account ID (without hyphens) of the source owner.
-
#source_arn ⇒ String?
readonly
The ARN of a resource that is invoking your function.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(principal:, action: nil, event_source_token: nil, function_url_auth_type: nil, invoked_via_function_url: nil, organization_id: nil, scope: nil, source_account: nil, source_arn: nil) ⇒ Permission
constructor
A new instance of Permission.
- #to_jsii ⇒ Object
Constructor Details
#initialize(principal:, action: nil, event_source_token: nil, function_url_auth_type: nil, invoked_via_function_url: nil, organization_id: nil, scope: nil, source_account: nil, source_arn: nil) ⇒ Permission
Returns a new instance of Permission.
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
# File 'lambda/permission.rb', line 16 def initialize(principal:, action: nil, event_source_token: nil, function_url_auth_type: nil, invoked_via_function_url: nil, organization_id: nil, scope: nil, source_account: nil, source_arn: nil) @principal = principal Jsii::Type.check_type(@principal, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklQcmluY2lwYWwifQ==")), "principal") @action = action Jsii::Type.check_type(@action, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "action") unless @action.nil? @event_source_token = event_source_token Jsii::Type.check_type(@event_source_token, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "eventSourceToken") unless @event_source_token.nil? @function_url_auth_type = function_url_auth_type Jsii::Type.check_type(@function_url_auth_type, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfbGFtYmRhLkZ1bmN0aW9uVXJsQXV0aFR5cGUifQ==")), "functionUrlAuthType") unless @function_url_auth_type.nil? @invoked_via_function_url = invoked_via_function_url Jsii::Type.check_type(@invoked_via_function_url, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "invokedViaFunctionUrl") unless @invoked_via_function_url.nil? @organization_id = organization_id Jsii::Type.check_type(@organization_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "organizationId") unless @organization_id.nil? @scope = scope Jsii::Type.check_type(@scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") unless @scope.nil? @source_account = source_account Jsii::Type.check_type(@source_account, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sourceAccount") unless @source_account.nil? @source_arn = source_arn Jsii::Type.check_type(@source_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sourceArn") unless @source_arn.nil? end |
Instance Attribute Details
#action ⇒ String? (readonly)
Default: 'lambda:InvokeFunction'
The Lambda actions that you want to allow in this statement.
For example,
you can specify lambda:CreateFunction to specify a certain action, or use
a wildcard (lambda:*) to grant permission to all Lambda actions. For a
list of actions, see Actions and Condition Context Keys for AWS Lambda in
the IAM User Guide.
62 63 64 |
# File 'lambda/permission.rb', line 62 def action @action end |
#event_source_token ⇒ String? (readonly)
Default: - The caller would not need to present a token.
A unique token that must be supplied by the principal invoking the function.
67 68 69 |
# File 'lambda/permission.rb', line 67 def event_source_token @event_source_token end |
#function_url_auth_type ⇒ AWSCDK::Lambda::FunctionURLAuthType? (readonly)
Default: - No functionUrlAuthType
The authType for the function URL that you are granting permissions for.
72 73 74 |
# File 'lambda/permission.rb', line 72 def function_url_auth_type @function_url_auth_type end |
#invoked_via_function_url ⇒ Boolean? (readonly)
Default: - false
The condition key for limiting the scope of lambda:InvokeFunction action to Function URL only.
When set to true, it restricts the principal in this policy to perform invokes for the resource only via Function URLs.
79 80 81 |
# File 'lambda/permission.rb', line 79 def invoked_via_function_url @invoked_via_function_url end |
#organization_id ⇒ String? (readonly)
Default: - No organizationId
The organization you want to grant permissions to.
Use this ONLY if you
need to grant permissions to a subset of the organization. If you want to
grant permissions to the entire organization, sending the organization principal
through the principal property will suffice.
You can use this property to ensure that all source principals are owned by a specific organization.
92 93 94 |
# File 'lambda/permission.rb', line 92 def organization_id @organization_id end |
#principal ⇒ AWSCDK::IAM::IPrincipal (readonly)
The entity for which you are granting permission to invoke the Lambda function.
This entity can be any of the following:
- a valid AWS service principal, such as
s3.amazonaws.comorsns.amazonaws.com - an AWS account ID for cross-account permissions. For example, you might want to allow a custom application in another AWS account to push events to Lambda by invoking your function.
- an AWS organization principal to grant permissions to an entire organization.
The principal can be an AccountPrincipal, an ArnPrincipal, a ServicePrincipal, or an OrganizationPrincipal.
51 52 53 |
# File 'lambda/permission.rb', line 51 def principal @principal end |
#scope ⇒ Constructs::Construct? (readonly)
Default: - The instance of lambda.IFunction
The scope to which the permission constructs be attached.
The default is the Lambda function construct itself, but this would need to be different in cases such as cross-stack references where the Permissions would need to sit closer to the consumer of this permission (i.e., the caller).
102 103 104 |
# File 'lambda/permission.rb', line 102 def scope @scope end |
#source_account ⇒ String? (readonly)
The AWS account ID (without hyphens) of the source owner.
For example, if you specify an S3 bucket in the SourceArn property, this value is the bucket owner's account ID. You can use this property to ensure that all source principals are owned by a specific account.
111 112 113 |
# File 'lambda/permission.rb', line 111 def source_account @source_account end |
#source_arn ⇒ String? (readonly)
The ARN of a resource that is invoking your function.
When granting Amazon Simple Storage Service (Amazon S3) permission to invoke your function, specify this property with the bucket ARN as its value. This ensures that events generated only from the specified bucket, not just any bucket from any AWS account that creates a mapping to your function, can invoke the function.
122 123 124 |
# File 'lambda/permission.rb', line 122 def source_arn @source_arn end |
Class Method Details
.jsii_properties ⇒ Object
124 125 126 127 128 129 130 131 132 133 134 135 136 |
# File 'lambda/permission.rb', line 124 def self.jsii_properties { :principal => "principal", :action => "action", :event_source_token => "eventSourceToken", :function_url_auth_type => "functionUrlAuthType", :invoked_via_function_url => "invokedViaFunctionUrl", :organization_id => "organizationId", :scope => "scope", :source_account => "sourceAccount", :source_arn => "sourceArn", } end |
Instance Method Details
#to_jsii ⇒ Object
138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 |
# File 'lambda/permission.rb', line 138 def to_jsii result = {} result.merge!({ "principal" => @principal, "action" => @action, "eventSourceToken" => @event_source_token, "functionUrlAuthType" => @function_url_auth_type, "invokedViaFunctionUrl" => @invoked_via_function_url, "organizationId" => @organization_id, "scope" => @scope, "sourceAccount" => @source_account, "sourceArn" => @source_arn, }) result.compact end |