Actions, resources, and condition keys for AWS Lambda (original) (raw)

AddLayerVersionPermission

Grants permission to add permissions to the resource-based policy of a version of an AWS Lambda layer

Permissions management

layerVersion*

AddPermission

Grants permission to give an AWS service or another account permission to use an AWS Lambda function

Permissions management

function*

lambda:Principal

lambda:FunctionUrlAuthType

CreateAlias

Grants permission to create an alias for a Lambda function version

Write

function*

CreateCodeSigningConfig

Grants permission to create an AWS Lambda code signing config

Write

aws:RequestTag/${TagKey}

aws:TagKeys

CreateEventSourceMapping

Grants permission to create a mapping between an event source and an AWS Lambda function

Write

lambda:FunctionArn

aws:RequestTag/${TagKey}

aws:TagKeys

CreateFunction

Grants permission to create an AWS Lambda function

Write

function*

iam:PassRole

lambda:Layer

lambda:VpcIds

lambda:SubnetIds

lambda:SecurityGroupIds

lambda:CodeSigningConfigArn

aws:RequestTag/${TagKey}

aws:TagKeys

CreateFunctionUrlConfig

Grants permission to create a function url configuration for a Lambda function

Write

function*

lambda:FunctionUrlAuthType

lambda:FunctionArn

DeleteAlias

Grants permission to delete an AWS Lambda function alias

Write

function*

DeleteCodeSigningConfig

Grants permission to delete an AWS Lambda code signing config

Write

code signing config*

DeleteEventSourceMapping

Grants permission to delete an AWS Lambda event source mapping

Write

eventSourceMapping*

lambda:FunctionArn

DeleteFunction

Grants permission to delete an AWS Lambda function

Write

function*

DeleteFunctionCodeSigningConfig

Grants permission to detach a code signing config from an AWS Lambda function

Write

function*

DeleteFunctionConcurrency

Grants permission to remove a concurrent execution limit from an AWS Lambda function

Write

function*

DeleteFunctionEventInvokeConfig

Grants permission to delete the configuration for asynchronous invocation for an AWS Lambda function, version, or alias

Write

function*

DeleteFunctionUrlConfig

Grants permission to delete function url configuration for a Lambda function

Write

function*

lambda:FunctionUrlAuthType

lambda:FunctionArn

DeleteLayerVersion

Grants permission to delete a version of an AWS Lambda layer

Write

layerVersion*

DeleteProvisionedConcurrencyConfig

Grants permission to delete the provisioned concurrency configuration for an AWS Lambda function

Write

function alias

function version

DisableReplication [permission only]

Grants permission to disable replication for a Lambda@Edge function

Permissions management

function*

EnableReplication [permission only]

Grants permission to enable replication for a Lambda@Edge function

Permissions management

function*

GetAccountSettings

Grants permission to view details about an account's limits and usage in an AWS Region

Read

GetAlias

Grants permission to view details about an AWS Lambda function alias

Read

function*

GetCodeSigningConfig

Grants permission to view details about an AWS Lambda code signing config

Read

code signing config*

GetEventSourceMapping

Grants permission to view details about an AWS Lambda event source mapping

Read

eventSourceMapping*

lambda:FunctionArn

GetFunction

Grants permission to view details about an AWS Lambda function

Read

function*

GetFunctionCodeSigningConfig

Grants permission to view the code signing config arn attached to an AWS Lambda function

Read

function*

GetFunctionConcurrency

Grants permission to view details about the reserved concurrency configuration for a function

Read

function*

GetFunctionConfiguration

Grants permission to view details about the version-specific settings of an AWS Lambda function or version

Read

function*

GetFunctionEventInvokeConfig

Grants permission to view the configuration for asynchronous invocation for a function, version, or alias

Read

function*

GetFunctionRecursionConfig

Grants permission to view the recursion configuration of an AWS Lambda function

Read

function*

GetFunctionUrlConfig

Grants permission to read function url configuration for a Lambda function

Read

function*

lambda:FunctionUrlAuthType

lambda:FunctionArn

GetLayerVersion

Grants permission to view details about a version of an AWS Lambda layer. Note this action also supports GetLayerVersionByArn API

Read

layerVersion*

GetLayerVersionPolicy

Grants permission to view the resource-based policy for a version of an AWS Lambda layer

Read

layerVersion*

GetPolicy

Grants permission to view the resource-based policy for an AWS Lambda function, version, or alias

Read

function*

GetProvisionedConcurrencyConfig

Grants permission to view the provisioned concurrency configuration for an AWS Lambda function's alias or version

Read

function alias

function version

GetRuntimeManagementConfig

Grants permission to view the runtime management configuration of an AWS Lambda function

Read

function*

InvokeAsync

Grants permission to invoke a function asynchronously (Deprecated)

Write

function*

InvokeFunction

Grants permission to invoke an AWS Lambda function

Write

function*

lambda:EventSourceToken

InvokeFunctionUrl [permission only]

Grants permission to invoke an AWS Lambda function through url

Write

function*

lambda:FunctionUrlAuthType

lambda:FunctionArn

lambda:EventSourceToken

ListAliases

Grants permission to retrieve a list of aliases for an AWS Lambda function

List

function*

ListCodeSigningConfigs

Grants permission to retrieve a list of AWS Lambda code signing configs

List

ListEventSourceMappings

Grants permission to retrieve a list of AWS Lambda event source mappings

List

ListFunctionEventInvokeConfigs

Grants permission to retrieve a list of configurations for asynchronous invocation for a function

List

function*

ListFunctionUrlConfigs

Grants permission to read function url configurations for a function

List

function*

lambda:FunctionUrlAuthType

ListFunctions

Grants permission to retrieve a list of AWS Lambda functions, with the version-specific configuration of each function

List

ListFunctionsByCodeSigningConfig

Grants permission to retrieve a list of AWS Lambda functions by the code signing config assigned

List

code signing config*

ListLayerVersions

Grants permission to retrieve a list of versions of an AWS Lambda layer

List

ListLayers

Grants permission to retrieve a list of AWS Lambda layers, with details about the latest version of each layer

List

ListProvisionedConcurrencyConfigs

Grants permission to retrieve a list of provisioned concurrency configurations for an AWS Lambda function

List

function*

ListTags

Grants permission to retrieve a list of tags for an AWS Lambda function, event source mapping or code signing configuration resource

Read

code signing config

eventSourceMapping

function

ListVersionsByFunction

Grants permission to retrieve a list of versions for an AWS Lambda function

List

function*

PublishLayerVersion

Grants permission to create an AWS Lambda layer

Write

layer*

PublishVersion

Grants permission to create an AWS Lambda function version

Write

function*

PutFunctionCodeSigningConfig

Grants permission to attach a code signing config to an AWS Lambda function

Write

code signing config*

function*

lambda:CodeSigningConfigArn

PutFunctionConcurrency

Grants permission to configure reserved concurrency for an AWS Lambda function

Write

function*

PutFunctionEventInvokeConfig

Grants permission to configures options for asynchronous invocation on an AWS Lambda function, version, or alias

Write

function*

PutFunctionRecursionConfig

Grants permission to update the recursion configuration of an AWS Lambda function

Write

function*

PutProvisionedConcurrencyConfig

Grants permission to configure provisioned concurrency for an AWS Lambda function's alias or version

Write

function alias

function version

PutRuntimeManagementConfig

Grants permission to update the runtime management configuration of an AWS Lambda function

Write

function*

RemoveLayerVersionPermission

Grants permission to remove a statement from the permissions policy for a version of an AWS Lambda layer

Permissions management

layerVersion*

RemovePermission

Grants permission to revoke function-use permission from an AWS service or another account

Permissions management

function*

lambda:Principal

lambda:FunctionUrlAuthType

TagResource

Grants permission to add tags to an AWS Lambda function, event source mapping or code signing configuration resource

Tagging

code signing config

eventSourceMapping

function

aws:RequestTag/${TagKey}

aws:TagKeys

UntagResource

Grants permission to remove tags from an AWS Lambda function, event source mapping or code signing configuration resource

Tagging

code signing config

eventSourceMapping

function

aws:TagKeys

UpdateAlias

Grants permission to update the configuration of an AWS Lambda function's alias

Write

function*

UpdateCodeSigningConfig

Grants permission to update an AWS Lambda code signing config

Write

code signing config*

UpdateEventSourceMapping

Grants permission to update the configuration of an AWS Lambda event source mapping

Write

eventSourceMapping*

lambda:FunctionArn

UpdateFunctionCode

Grants permission to update the code of an AWS Lambda function

Write

function*

UpdateFunctionCodeSigningConfig

Grants permission to update the code signing config of an AWS Lambda function

Write

code signing config*

function*

UpdateFunctionConfiguration

Grants permission to modify the version-specific settings of an AWS Lambda function

Write

function*

lambda:Layer

lambda:VpcIds

lambda:SubnetIds

lambda:SecurityGroupIds

UpdateFunctionEventInvokeConfig

Grants permission to modify the configuration for asynchronous invocation for an AWS Lambda function, version, or alias

Write

function*

UpdateFunctionUrlConfig

Grants permission to update a function url configuration for a Lambda function

Write

function*

lambda:FunctionUrlAuthType

lambda:FunctionArn