com.pulumi.awsnative.lambda.kotlin.PermissionArgs.kt Maven / Gradle / Ivy
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.awsnative.lambda.kotlin
import com.pulumi.awsnative.lambda.PermissionArgs.builder
import com.pulumi.awsnative.lambda.kotlin.enums.PermissionFunctionUrlAuthType
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import kotlin.String
import kotlin.Suppress
import kotlin.jvm.JvmName
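/**
 * The `AWS::Lambda::Permission` resource grants an AWS service or another account permission to use a function.
 * You can apply the policy at the function level, or specify a qualifier to restrict access to a single version
 * or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or
 * alias to invoke the function.
 *
 * To grant permission to another account, specify the account ID as the `Principal`. To grant permission to an
 * organization defined in AWS Organizations, specify the organization ID as the `PrincipalOrgID`. For AWS
 * services, the principal is a domain-style identifier defined by the service, like `s3.amazonaws.com` or
 * `sns.amazonaws.com`. For AWS services, you can also specify the ARN of the associated resource as the
 * `SourceArn`. If you grant permission to a service principal without specifying the source, other accounts
 * could potentially configure resources in their account to invoke your Lambda function.
 *
 * If your function has a function URL, you can specify the `FunctionUrlAuthType` parameter. This adds a
 * condition to your permission that only applies when your function URL's `AuthType` matches the specified
 * `FunctionUrlAuthType`. For more information about the `AuthType` parameter, see
 * [Security and auth model for function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html).
 *
 * This resource adds a statement to a resource-based permission policy for the function. For more information
 * about function policies, see
 * [Lambda Function Policies](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html).
 *
 * **Review notes (least privilege).** This class performs no validation: every property defaults to `null` and
 * is forwarded unchanged by [toJava]. Narrowing the grant is therefore entirely up to the caller:
 * + A service [principal] without [sourceArn] or [sourceAccount] leaves the function invocable through that
 *   service from resources in other accounts (the confused-deputy case described above).
 * + [sourceArn] is compared with `StringLike`, so wildcard characters in the value widen the match; prefer the
 *   full ARN of the one resource that should invoke the function.
 * + [functionUrlAuthType] set to `NONE` makes the function URL a public endpoint; the function then has to
 *   authenticate callers itself.
 * + [principalOrgId] grants the action to every account under the organization.
 *
 * @property action The action that the principal can use on the function. For example, `lambda:InvokeFunction`
 * or `lambda:GetFunction`.
 * @property eventSourceToken For Alexa Smart Home functions, a token that the invoker must supply.
 * @property functionName The name or ARN of the Lambda function, version, or alias.
 * **Name formats**
 * + *Function name* – `my-function` (name-only), `my-function:v1` (with alias).
 * + *Function ARN* – `arn:aws:lambda:us-west-2:123456789012:function:my-function`.
 * + *Partial ARN* – `123456789012:function:my-function`.
 *
 * You can append a version number or alias to any of the formats. The length constraint applies only to the
 * full ARN. If you specify only the function name, it is limited to 64 characters in length.
 * @property functionUrlAuthType The type of authentication that your function URL uses. Set to `AWS_IAM` if you
 * want to restrict access to authenticated users only. Set to `NONE` if you want to bypass IAM authentication
 * to create a public endpoint. For more information, see
 * [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html).
 * @property principal The AWS service or AWS account that invokes the function. If you specify a service, use
 * `SourceArn` or `SourceAccount` to limit who can invoke the function through that service.
 * @property principalOrgId The identifier for your organization in AWS Organizations. Use this to grant
 * permissions to all the AWS accounts under this organization.
 * @property sourceAccount For AWS services, the ID of the AWS account that owns the resource. Use this together
 * with `SourceArn` to ensure that the specified account owns the resource. It is possible for an Amazon S3
 * bucket to be deleted by its owner and recreated by another account.
 * @property sourceArn For AWS services, the ARN of the AWS resource that invokes the function. For example, an
 * Amazon S3 bucket or Amazon SNS topic.
 * Note that Lambda configures the comparison using the `StringLike` operator.
 */
public data class PermissionArgs(
    // Type arguments restored: the listing printed a bare `Output`, which Kotlin does not accept for a
    // generic class. The element types follow from the plain-value setters of PermissionArgsBuilder.
    public val action: Output<String>? = null,
    public val eventSourceToken: Output<String>? = null,
    public val functionName: Output<String>? = null,
    public val functionUrlAuthType: Output<PermissionFunctionUrlAuthType>? = null,
    public val principal: Output<String>? = null,
    public val principalOrgId: Output<String>? = null,
    public val sourceAccount: Output<String>? = null,
    public val sourceArn: Output<String>? = null,
) : ConvertibleToJava<com.pulumi.awsnative.lambda.PermissionArgs> {
    /**
     * Builds the Java SDK `PermissionArgs` from these values.
     *
     * Unset (`null`) properties are passed to the Java builder as `null`. String outputs go through an
     * identity `applyValue`, kept from the generated code; the auth type is converted with its own `toJava()`.
     *
     * @return the Java arguments object produced by the Java builder's `build()`.
     */
    override fun toJava(): com.pulumi.awsnative.lambda.PermissionArgs =
        com.pulumi.awsnative.lambda.PermissionArgs.builder()
            .action(action?.applyValue { it })
            .eventSourceToken(eventSourceToken?.applyValue { it })
            .functionName(functionName?.applyValue { it })
            // Only the enum needs a real conversion: Kotlin enum wrapper -> Java enum.
            .functionUrlAuthType(functionUrlAuthType?.applyValue { authType -> authType.toJava() })
            .principal(principal?.applyValue { it })
            .principalOrgId(principalOrgId?.applyValue { it })
            .sourceAccount(sourceAccount?.applyValue { it })
            .sourceArn(sourceArn?.applyValue { it })
            .build()
}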
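/**
 * Builder for [PermissionArgs].
 *
 * Every property has two setters: one that takes a ready-made [Output], and one that takes a plain nullable
 * value and wraps it with `Output.of` (passing `null` clears the property). The builder validates nothing;
 * [build] copies the current fields into a [PermissionArgs] as they are, so scoping the grant (source ARN,
 * source account, auth type) is the caller's responsibility.
 */
@PulumiTagMarker
public class PermissionArgsBuilder internal constructor() {
    // Type arguments restored: the listing printed a bare `Output`, which Kotlin does not accept for a
    // generic class. The element types follow from the plain-value setters below.
    private var action: Output<String>? = null

    private var eventSourceToken: Output<String>? = null

    private var functionName: Output<String>? = null

    private var functionUrlAuthType: Output<PermissionFunctionUrlAuthType>? = null

    private var principal: Output<String>? = null

    private var principalOrgId: Output<String>? = null

    private var sourceAccount: Output<String>? = null

    private var sourceArn: Output<String>? = null

    /**
     * @param value The action that the principal can use on the function. For example,
     * `lambda:InvokeFunction` or `lambda:GetFunction`.
     */
    @JvmName("actyftjfjgjrbwla")
    public suspend fun action(value: Output<String>) {
        this.action = value
    }

    /**
     * @param value For Alexa Smart Home functions, a token that the invoker must supply.
     */
    @JvmName("kkgfmpkimsfcxnsc")
    public suspend fun eventSourceToken(value: Output<String>) {
        this.eventSourceToken = value
    }

    /**
     * @param value The name or ARN of the Lambda function, version, or alias.
     * **Name formats**
     * + *Function name* – `my-function` (name-only), `my-function:v1` (with alias).
     * + *Function ARN* – `arn:aws:lambda:us-west-2:123456789012:function:my-function`.
     * + *Partial ARN* – `123456789012:function:my-function`.
     *
     * You can append a version number or alias to any of the formats. The length constraint applies only to
     * the full ARN. If you specify only the function name, it is limited to 64 characters in length.
     */
    @JvmName("rnuacffhxargiuvv")
    public suspend fun functionName(value: Output<String>) {
        this.functionName = value
    }

    /**
     * @param value The type of authentication that your function URL uses. Set to `AWS_IAM` if you want to
     * restrict access to authenticated users only. Set to `NONE` if you want to bypass IAM authentication to
     * create a public endpoint. For more information, see
     * [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html).
     * With `NONE` the function itself has to authenticate callers.
     */
    @JvmName("oyshrscenpqdiqhd")
    public suspend fun functionUrlAuthType(value: Output<PermissionFunctionUrlAuthType>) {
        this.functionUrlAuthType = value
    }

    /**
     * @param value The AWS service or AWS account that invokes the function. If you specify a service, use
     * `SourceArn` or `SourceAccount` to limit who can invoke the function through that service; without
     * either, resources in other accounts can invoke the function through that service.
     */
    @JvmName("euyuarwfnlansnpe")
    public suspend fun principal(value: Output<String>) {
        this.principal = value
    }

    /**
     * @param value The identifier for your organization in AWS Organizations. Use this to grant permissions
     * to all the AWS accounts under this organization.
     */
    @JvmName("asnaqknvjohjexky")
    public suspend fun principalOrgId(value: Output<String>) {
        this.principalOrgId = value
    }

    /**
     * @param value For AWS services, the ID of the AWS account that owns the resource. Use this together with
     * `SourceArn` to ensure that the specified account owns the resource. It is possible for an Amazon S3
     * bucket to be deleted by its owner and recreated by another account.
     */
    @JvmName("vumqfamfjhjlslpx")
    public suspend fun sourceAccount(value: Output<String>) {
        this.sourceAccount = value
    }

    /**
     * @param value For AWS services, the ARN of the AWS resource that invokes the function. For example, an
     * Amazon S3 bucket or Amazon SNS topic.
     * Note that Lambda configures the comparison using the `StringLike` operator, so wildcard characters in
     * the value widen the match; prefer the full ARN of a single resource.
     */
    @JvmName("hfcyyljpyhjwgyfy")
    public suspend fun sourceArn(value: Output<String>) {
        this.sourceArn = value
    }

    /**
     * @param value The action that the principal can use on the function. For example,
     * `lambda:InvokeFunction` or `lambda:GetFunction`.
     */
    @JvmName("yjkwyrhchlobwbvm")
    public suspend fun action(value: String?) {
        this.action = value?.let { of(it) }
    }

    /**
     * @param value For Alexa Smart Home functions, a token that the invoker must supply.
     */
    @JvmName("jnspuvkqovuvurks")
    public suspend fun eventSourceToken(value: String?) {
        this.eventSourceToken = value?.let { of(it) }
    }

    /**
     * @param value The name or ARN of the Lambda function, version, or alias.
     * **Name formats**
     * + *Function name* – `my-function` (name-only), `my-function:v1` (with alias).
     * + *Function ARN* – `arn:aws:lambda:us-west-2:123456789012:function:my-function`.
     * + *Partial ARN* – `123456789012:function:my-function`.
     *
     * You can append a version number or alias to any of the formats. The length constraint applies only to
     * the full ARN. If you specify only the function name, it is limited to 64 characters in length.
     */
    @JvmName("xnigavwsnbsyifab")
    public suspend fun functionName(value: String?) {
        this.functionName = value?.let { of(it) }
    }

    /**
     * @param value The type of authentication that your function URL uses. Set to `AWS_IAM` if you want to
     * restrict access to authenticated users only. Set to `NONE` if you want to bypass IAM authentication to
     * create a public endpoint. For more information, see
     * [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html).
     * With `NONE` the function itself has to authenticate callers.
     */
    @JvmName("phvqfwgfgkkgkpds")
    public suspend fun functionUrlAuthType(value: PermissionFunctionUrlAuthType?) {
        this.functionUrlAuthType = value?.let { of(it) }
    }

    /**
     * @param value The AWS service or AWS account that invokes the function. If you specify a service, use
     * `SourceArn` or `SourceAccount` to limit who can invoke the function through that service; without
     * either, resources in other accounts can invoke the function through that service.
     */
    @JvmName("serlpjjoucwgynmb")
    public suspend fun principal(value: String?) {
        this.principal = value?.let { of(it) }
    }

    /**
     * @param value The identifier for your organization in AWS Organizations. Use this to grant permissions
     * to all the AWS accounts under this organization.
     */
    @JvmName("awdlifmqchkpjblr")
    public suspend fun principalOrgId(value: String?) {
        this.principalOrgId = value?.let { of(it) }
    }

    /**
     * @param value For AWS services, the ID of the AWS account that owns the resource. Use this together with
     * `SourceArn` to ensure that the specified account owns the resource. It is possible for an Amazon S3
     * bucket to be deleted by its owner and recreated by another account.
     */
    @JvmName("kwjoukxsspcsespj")
    public suspend fun sourceAccount(value: String?) {
        this.sourceAccount = value?.let { of(it) }
    }

    /**
     * @param value For AWS services, the ARN of the AWS resource that invokes the function. For example, an
     * Amazon S3 bucket or Amazon SNS topic.
     * Note that Lambda configures the comparison using the `StringLike` operator, so wildcard characters in
     * the value widen the match; prefer the full ARN of a single resource.
     */
    @JvmName("xuugicekcoywfvrx")
    public suspend fun sourceArn(value: String?) {
        this.sourceArn = value?.let { of(it) }
    }

    /**
     * Creates the immutable [PermissionArgs] from the fields set so far.
     *
     * Fields that were never set stay `null`; nothing is checked or defaulted here.
     */
    internal fun build(): PermissionArgs = PermissionArgs(
        action = action,
        eventSourceToken = eventSourceToken,
        functionName = functionName,
        functionUrlAuthType = functionUrlAuthType,
        principal = principal,
        principalOrgId = principalOrgId,
        sourceAccount = sourceAccount,
        sourceArn = sourceArn,
    )
}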