AWS Lambda Permission

This page shows how to configure Lambda Permission in Terraform and CloudFormation, and how to write those configurations securely.

aws_lambda_permission (Terraform)

The Permission in Lambda can be configured in Terraform with the resource name aws_lambda_permission. The following sections describe one example of how to use the resource and its parameters.

Example Usage from GitHub

dwp/aws-analytical-env
resource "aws_lambda_permission" "allow_cognito_create" {
  statement_id  = "AllowExecutionFromCognito"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.lambda_create_challenge.function_name
  principal     = "cognito-idp.amazonaws.com"
  # Restrict the grant to this one user pool rather than any Cognito resource
  source_arn    = var.cognito_user_pool_arn
}

Parameters

Explanation in Terraform Registry

Gives an external source (like a CloudWatch Event Rule, SNS, or S3) permission to access the Lambda function.

AWS::Lambda::Permission (CloudFormation)

The Permission in Lambda can be configured in CloudFormation with the resource name AWS::Lambda::Permission. The following sections describe how to use the resource and its parameters.

Parameters

Explanation in CloudFormation Registry

The AWS::Lambda::Permission resource grants an AWS service or another account permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function.

To grant permission to another account, specify the account ID as the Principal. For AWS services, the principal is a domain-style identifier defined by the service, like s3.amazonaws.com or sns.amazonaws.com. For AWS services, you can also specify the ARN of the associated resource as the SourceArn. If you grant permission to a service principal without specifying the source, other accounts could potentially configure resources in their account to invoke your Lambda function.

This resource adds a statement to a resource-based permission policy for the function. For more information about function policies, see Lambda Function Policies.
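The risk described above (a service principal granted without a source) can be checked before deployment. The following is an added example, not code from this page or from AWS: it assumes a JSON-format CloudFormation template, and the sample template, its logical IDs and the account ID are constructed. It also accepts SourceAccount, a property of AWS::Lambda::Permission that this page does not cover, as a source restriction.

```python
import json

# Constructed sample template (not from the page).
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "AllowCognito": {  # scoped to one user pool
        "Type": "AWS::Lambda::Permission",
        "Properties": {
            "Action": "lambda:InvokeFunction",
            "FunctionName": {"Ref": "CreateChallengeFunction"},
            "Principal": "cognito-idp.amazonaws.com",
            "SourceArn": {"Ref": "CognitoUserPoolArn"},
        }},
    "AllowS3": {  # service principal with no source restriction
        "Type": "AWS::Lambda::Permission",
        "Properties": {
            "Action": "lambda:InvokeFunction",
            "FunctionName": {"Ref": "IngestFunction"},
            "Principal": "s3.amazonaws.com",
        }},
    "AllowAccount": {  # account principal: not a service grant
        "Type": "AWS::Lambda::Permission",
        "Properties": {
            "Action": "lambda:InvokeFunction",
            "FunctionName": {"Ref": "IngestFunction"},
            "Principal": "123456789012",
        }},
}})


def unscoped_service_permissions(template_text):
    """Return logical IDs of Lambda permissions that name a service
    principal but set neither SourceArn nor SourceAccount."""
    resources = json.loads(template_text).get("Resources", {})
    findings = []
    for logical_id, resource in resources.items():
        if resource.get("Type") != "AWS::Lambda::Permission":
            continue
        props = resource.get("Properties", {})
        principal = props.get("Principal")
        # Intrinsic functions (dicts) cannot be resolved statically; skip them.
        is_service = isinstance(principal, str) and principal.endswith(".amazonaws.com")
        if is_service and not (props.get("SourceArn") or props.get("SourceAccount")):
            findings.append(logical_id)
    return sorted(findings)


if __name__ == "__main__":
    for name in unscoped_service_permissions(SAMPLE_TEMPLATE):
        print(f"{name}: service principal without SourceArn/SourceAccount")
```

A principal supplied through an intrinsic function such as Ref is skipped, so those grants still need manual review.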

Frequently asked questions

What is AWS Lambda Permission?

AWS Lambda Permission is a resource for Lambda of Amazon Web Services. Settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Lambda Permission?

For Terraform, the dwp/aws-analytical-env source code example is useful. See the Terraform Example section for further details.