Lambda / Client / add_layer_version_permission

add_layer_version_permission#

Lambda.Client.add_layer_version_permission(**kwargs)#

Adds permissions to the resource-based policy of a version of an Lambda layer. Use this action to grant layer usage permission to other accounts. You can grant permission to a single account, all accounts in an organization, or all Amazon Web Services accounts.

To revoke permission, call RemoveLayerVersionPermission with the statement ID that you specified when you added it.

See also: AWS API Documentation

Request Syntax

response = client.add_layer_version_permission(
    LayerName='string',
    VersionNumber=123,
    StatementId='string',
    Action='string',
    Principal='string',
    OrganizationId='string',
    RevisionId='string'
)
Parameters:
  • LayerName (string) –

    [REQUIRED]

    The name or Amazon Resource Name (ARN) of the layer.

  • VersionNumber (integer) –

    [REQUIRED]

    The version number.

  • StatementId (string) –

    [REQUIRED]

    An identifier that distinguishes the policy from others on the same layer version.

  • Action (string) –

    [REQUIRED]

    The API action that grants access to the layer. For example, lambda:GetLayerVersion.

  • Principal (string) –

    [REQUIRED]

    An account ID, or * to grant layer usage permission to all accounts in an organization, or all Amazon Web Services accounts (if organizationId is not specified). For the last case, make sure that you really do want all Amazon Web Services accounts to have usage permission to this layer.

  • OrganizationId (string) – With the principal set to *, grant permission to all accounts in the specified organization.

  • RevisionId (string) – Only update the policy if the revision ID matches the ID specified. Use this option to avoid modifying a policy that has changed since you last read it.

Return type:

dict

Returns:

Response Syntax

{
    'Statement': 'string',
    'RevisionId': 'string'
}

Response Structure

  • (dict) –

    • Statement (string) –

      The permission statement.

    • RevisionId (string) –

      A unique identifier for the current revision of the policy.

Exceptions

  • Lambda.Client.exceptions.ServiceException

  • Lambda.Client.exceptions.ResourceNotFoundException

  • Lambda.Client.exceptions.ResourceConflictException

  • Lambda.Client.exceptions.TooManyRequestsException

  • Lambda.Client.exceptions.InvalidParameterValueException

  • Lambda.Client.exceptions.PolicyLengthExceededException

  • Lambda.Client.exceptions.PreconditionFailedException

Examples

The following example grants permission for the account 223456789012 to use version 1 of a layer named my-layer.

response = client.add_layer_version_permission(
    Action='lambda:GetLayerVersion',
    LayerName='my-layer',
    Principal='223456789012',
    StatementId='xaccount',
    VersionNumber=1,
)

print(response)

Expected Output:

{
    'RevisionId': '35d87451-f796-4a3f-a618-95a3671b0a0c',
    'Statement': '{"Sid":"xaccount","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::223456789012:root"},"Action":"lambda:GetLayerVersion","Resource":"arn:aws:lambda:us-east-2:123456789012:layer:my-layer:1"}',
    'ResponseMetadata': {
        '...': '...',
    },
}