AddLayerVersionPermission - AWS Lambda

AddLayerVersionPermission

Adds permissions to the resource-based policy of a version of an AWS Lambda layer. Use this action to grant layer usage permission to other accounts. You can grant permission to a single account, all accounts in an organization, or all AWS accounts.

To revoke permission, call RemoveLayerVersionPermission with the statement ID that you specified when you added it.

Request Syntax

POST /2018-10-31/layers/LayerName/versions/VersionNumber/policy?RevisionId=RevisionId HTTP/1.1 Content-type: application/json { "Action": "string", "OrganizationId": "string", "Principal": "string", "StatementId": "string" }

URI Request Parameters

The request uses the following URI parameters.

LayerName

The name or Amazon Resource Name (ARN) of the layer.

Length Constraints: Minimum length of 1. Maximum length of 140.

Pattern: (arn:[a-zA-Z0-9-]+:lambda:[a-zA-Z0-9-]+:\d{12}:layer:[a-zA-Z0-9-_]+)|[a-zA-Z0-9-_]+

Required: Yes

RevisionId

Only update the policy if the revision ID matches the ID specified. Use this option to avoid modifying a policy that has changed since you last read it.

VersionNumber

The version number.

Required: Yes

Request Body

The request accepts the following data in JSON format.

Action

The API action that grants access to the layer. For example, lambda:GetLayerVersion.

Type: String

Length Constraints: Maximum length of 22.

Pattern: lambda:GetLayerVersion

Required: Yes

OrganizationId

With the principal set to *, grant permission to all accounts in the specified organization.

Type: String

Length Constraints: Maximum length of 34.

Pattern: o-[a-z0-9]{10,32}

Required: No

Principal

An account ID, or * to grant layer usage permission to all accounts in an organization, or all AWS accounts (if organizationId is not specified). For the last case, make sure that you really do want all AWS accounts to have usage permission to this layer.

Type: String

Pattern: \d{12}|\*|arn:(aws[a-zA-Z-]*):iam::\d{12}:root

Required: Yes

StatementId

An identifier that distinguishes the policy from others on the same layer version.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 100.

Pattern: ([a-zA-Z0-9-_]+)

Required: Yes

Response Syntax

HTTP/1.1 201 Content-type: application/json { "RevisionId": "string", "Statement": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 201 response.

The following data is returned in JSON format by the service.

RevisionId

A unique identifier for the current revision of the policy.

Type: String

Statement

The permission statement.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

InvalidParameterValueException

One of the parameters in the request is not valid.

HTTP Status Code: 400

PolicyLengthExceededException

The permissions policy for the resource is too large. For more information, see Lambda quotas.

HTTP Status Code: 400

PreconditionFailedException

The RevisionId provided does not match the latest RevisionId for the Lambda function or alias.

  • For AddPermission and RemovePermission API operations: Call GetPolicy to retrieve the latest RevisionId for your resource.

  • For all other API operations: Call GetFunction or GetAlias to retrieve the latest RevisionId for your resource.

HTTP Status Code: 412

ResourceConflictException

The resource already exists, or another operation is in progress.

HTTP Status Code: 409

ResourceNotFoundException

The resource specified in the request does not exist.

HTTP Status Code: 404

ServiceException

The AWS Lambda service encountered an internal error.

HTTP Status Code: 500

TooManyRequestsException

The request throughput limit was exceeded. For more information, see Lambda quotas.

HTTP Status Code: 429

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: