You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Grants an AWS serviceor another account permission to use a function\. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias\. If you use a qualifier, the invoker must use the full Amazon Resource Name \(ARN\) of that version or alias to invoke the function\. Note: Lambda does not support adding policies to version $LATEST\.
3
+
Grants an AWS service, account, or organization permission to use a function\. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias\. If you use a qualifier, the invoker must use the full Amazon Resource Name \(ARN\) of that version or alias to invoke the function\. Note: Lambda does not support adding policies to version $LATEST\.
4
4
5
-
To grant permission to another account, specify the account ID as the `Principal`\. For AWS services, the principal is a domain\-style identifier defined by the service, like `s3.amazonaws.com` or `sns.amazonaws.com`\. For AWS services, you can also specify the ARN of the associated resource as the `SourceArn`\. If you grant permission to a service principal without specifying the source, other accounts could potentially configure resources in their account to invoke your Lambda function\.
5
+
To grant permission to another account, specify the account ID as the `Principal`\.To grant permission to an organization defined in AWS Organizations, specify the organization ID as the `PrincipalOrgID`\.For AWS services, the principal is a domain\-style identifier defined by the service, like `s3.amazonaws.com` or `sns.amazonaws.com`\. For AWS services, you can also specify the ARN of the associated resource as the `SourceArn`\. If you grant permission to a service principal without specifying the source, other accounts could potentially configure resources in their account to invoke your Lambda function\.
6
6
7
7
This action adds a statement to a resource\-based permissions policy for the function\. For more information about function policies, see [Lambda Function Policies](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html)\.
8
8
@@ -15,7 +15,9 @@ Content-type: application/json
15
15
{
16
16
"Action": "string",
17
17
"EventSourceToken": "string",
18
+
"FunctionUrlAuthType": "string",
18
19
"Principal": "string",
20
+
"PrincipalOrgID": "string",
19
21
"RevisionId": "string",
20
22
"SourceAccount": "string",
21
23
"SourceArn": "string",
@@ -59,6 +61,12 @@ For Alexa Smart Home functions, a token that must be supplied by the invoker\.
59
61
Type: String
60
62
Length Constraints: Minimum length of 0\. Maximum length of 256\.
The type of authentication that your function URL uses\. Set to `AWS_IAM` if you want to restrict access to authenticated `IAM` users only\. Set to `NONE` if you want to bypass IAM authentication to create a public endpoint\. For more information, see [ Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html)\.
Only update the policy if the revision ID matches the ID that's specified\. Use this option to avoid modifying a policy that has changed since you last read it\.
0 commit comments