AWS Lambda

2024/09/17 - AWS Lambda - 5 new api methods

Changes  Support for JSON resource-based policies and block public access

DeleteResourcePolicy (new) Link ¶

Deletes a resource-based policy from a function.

See also: AWS API Documentation

Request Syntax

client.delete_resource_policy(
    ResourceArn='string',
    RevisionId='string'
)
type ResourceArn:

string

param ResourceArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the function you want to delete the policy from. You can use either a qualified or an unqualified ARN, but the value you specify must be a complete ARN and wildcard characters are not accepted.

type RevisionId:

string

param RevisionId:

Delete the existing policy only if its revision ID matches the string you specify. To find the revision ID of the policy currently attached to your function, use the GetResourcePolicy action.

returns:

None

PutResourcePolicy (new) Link ¶

Adds a resource-based policy to a function. You can use resource-based policies to grant access to other Amazon Web Services accounts, organizations, or services. Resource-based policies apply to a single function, version, or alias.

See also: AWS API Documentation

Request Syntax

client.put_resource_policy(
    ResourceArn='string',
    Policy='string',
    RevisionId='string'
)
type ResourceArn:

string

param ResourceArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the function you want to add the policy to. You can use either a qualified or an unqualified ARN, but the value you specify must be a complete ARN and wildcard characters are not accepted.

type Policy:

string

param Policy:

[REQUIRED]

The JSON resource-based policy you want to add to your function.

To learn more about creating resource-based policies for controlling access to Lambda, see Working with resource-based IAM policies in Lambda in the Lambda Developer Guide.

type RevisionId:

string

param RevisionId:

Replace the existing policy only if its revision ID matches the string you specify. To find the revision ID of the policy currently attached to your function, use the GetResourcePolicy action.

rtype:

dict

returns:

Response Syntax

{
    'Policy': 'string',
    'RevisionId': 'string'
}

Response Structure

  • (dict) --

    • Policy (string) --

      The policy Lambda added to your function.

    • RevisionId (string) --

      The revision ID of the policy Lambda added to your function.

PutPublicAccessBlockConfig (new) Link ¶

Configure your function's public-access settings.

To control public access to a Lambda function, you can choose whether to allow the creation of resource-based policies that allow public access to that function. You can also block public access to a function, even if it has an existing resource-based policy that allows it.

See also: AWS API Documentation

Request Syntax

client.put_public_access_block_config(
    ResourceArn='string',
    PublicAccessBlockConfig={
        'BlockPublicPolicy': True|False,
        'RestrictPublicResource': True|False
    }
)
type ResourceArn:

string

param ResourceArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the function you want to configure public-access settings for. Public-access settings are applied at the function level, so you can't apply different settings to function versions or aliases.

type PublicAccessBlockConfig:

dict

param PublicAccessBlockConfig:

[REQUIRED]

An object defining the public-access settings you want to apply.

To block the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy to true. To allow the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy to false.

To block public access to your function, even if its resource-based policy allows it, set RestrictPublicResource to true. To allow public access to a function with a resource-based policy that permits it, set RestrictPublicResource to false.

The default setting for both BlockPublicPolicy and RestrictPublicResource is true.

  • BlockPublicPolicy (boolean) --

    To block the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy to true. To allow the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy to false.

  • RestrictPublicResource (boolean) --

    To block public access to your function, even if its resource-based policy allows it, set RestrictPublicResource to true. To allow public access to a function with a resource-based policy that permits it, set RestrictPublicResource to false.

rtype:

dict

returns:

Response Syntax

{
    'PublicAccessBlockConfig': {
        'BlockPublicPolicy': True|False,
        'RestrictPublicResource': True|False
    }
}

Response Structure

  • (dict) --

    • PublicAccessBlockConfig (dict) --

      The public-access settings Lambda applied to your function.

      • BlockPublicPolicy (boolean) --

        To block the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy to true. To allow the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy to false.

      • RestrictPublicResource (boolean) --

        To block public access to your function, even if its resource-based policy allows it, set RestrictPublicResource to true. To allow public access to a function with a resource-based policy that permits it, set RestrictPublicResource to false.

GetResourcePolicy (new) Link ¶

Retrieves the resource-based policy attached to a function.

See also: AWS API Documentation

Request Syntax

client.get_resource_policy(
    ResourceArn='string'
)
type ResourceArn:

string

param ResourceArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the function you want to retrieve the policy for. You can use either a qualified or an unqualified ARN, but the value you specify must be a complete ARN and wildcard characters are not accepted.

rtype:

dict

returns:

Response Syntax

{
    'Policy': 'string',
    'RevisionId': 'string'
}

Response Structure

  • (dict) --

    • Policy (string) --

      The resource-based policy attached to the function you specified.

    • RevisionId (string) --

      The revision ID of the policy.

GetPublicAccessBlockConfig (new) Link ¶

Retrieve the public-access settings for a function.

See also: AWS API Documentation

Request Syntax

client.get_public_access_block_config(
    ResourceArn='string'
)
type ResourceArn:

string

param ResourceArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the function you want to retrieve public-access settings for.

rtype:

dict

returns:

Response Syntax

{
    'PublicAccessBlockConfig': {
        'BlockPublicPolicy': True|False,
        'RestrictPublicResource': True|False
    }
}

Response Structure

  • (dict) --

    • PublicAccessBlockConfig (dict) --

      The public-access settings configured for the function you specified

      • BlockPublicPolicy (boolean) --

        To block the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy to true. To allow the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy to false.

      • RestrictPublicResource (boolean) --

        To block public access to your function, even if its resource-based policy allows it, set RestrictPublicResource to true. To allow public access to a function with a resource-based policy that permits it, set RestrictPublicResource to false.