AddLayerVersionPermission - AWS Lambda (original) (raw)
Adds permissions to the resource-based policy of a version of an AWS Lambda layer. Use this action to grant layer usage permission to other accounts. You can grant permission to a single account, all accounts in an organization, or all AWS accounts.
To revoke permission, call RemoveLayerVersionPermission with the statement ID that you specified when you added it.
Request Syntax
POST /2018-10-31/layers/LayerName/versions/VersionNumber/policy?RevisionId=RevisionId HTTP/1.1
Content-type: application/json
{
"Action": "string",
"OrganizationId": "string",
"Principal": "string",
"StatementId": "string"
}URI Request Parameters
The request uses the following URI parameters.
The name or Amazon Resource Name (ARN) of the layer.
Length Constraints: Minimum length of 1. Maximum length of 140.
Pattern: (arn:[a-zA-Z0-9-]+:lambda:[a-zA-Z0-9-]+:\d{12}:layer:[a-zA-Z0-9-_]+)|[a-zA-Z0-9-_]+
Required: Yes
Only update the policy if the revision ID matches the ID specified. Use this option to avoid modifying a policy that has changed since you last read it.
The version number.
Required: Yes
Request Body
The request accepts the following data in JSON format.
The API action that grants access to the layer. For example, lambda:GetLayerVersion.
Type: String
Length Constraints: Maximum length of 22.
Pattern: lambda:GetLayerVersion
Required: Yes
With the principal set to *, grant permission to all accounts in the specified organization.
Type: String
Length Constraints: Maximum length of 34.
Pattern: o-[a-z0-9]{10,32}
Required: No
An account ID, or * to grant layer usage permission to all accounts in an organization, or all AWS accounts (if organizationId is not specified). For the last case, make sure that you really do want all AWS accounts to have usage permission to this layer.
Type: String
Pattern: \d{12}|\*|arn:(aws[a-zA-Z-]*):iam::\d{12}:root
Required: Yes
An identifier that distinguishes the policy from others on the same layer version.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 100.
Pattern: ([a-zA-Z0-9-_]+)
Required: Yes
Response Syntax
HTTP/1.1 201
Content-type: application/json
{
"RevisionId": "string",
"Statement": "string"
}Response Elements
If the action is successful, the service sends back an HTTP 201 response.
The following data is returned in JSON format by the service.
A unique identifier for the current revision of the policy.
Type: String
The permission statement.
Type: String
Errors
For information about the errors that are common to all actions, see Common Errors.
InvalidParameterValueException
One of the parameters in the request is not valid.
HTTP Status Code: 400
PolicyLengthExceededException
The permissions policy for the resource is too large. For more information, see Lambda quotas.
HTTP Status Code: 400
PreconditionFailedException
The RevisionId provided does not match the latest RevisionId for the Lambda function or alias.
- For AddPermission and RemovePermission API operations: Call
GetPolicyto retrieve the latest RevisionId for your resource. - For all other API operations: Call
GetFunctionorGetAliasto retrieve the latest RevisionId for your resource.
HTTP Status Code: 412
ResourceConflictException
The resource already exists, or another operation is in progress.
HTTP Status Code: 409
ResourceNotFoundException
The resource specified in the request does not exist.
HTTP Status Code: 404
ServiceException
The AWS Lambda service encountered an internal error.
HTTP Status Code: 500
TooManyRequestsException
The request throughput limit was exceeded. For more information, see Lambda quotas.
HTTP Status Code: 429
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: