software.amazon.awscdk.services.lambda

Class Permission.Builder

java.lang.Object

software.amazon.awscdk.services.lambda.Permission.Builder

All Implemented Interfaces:

software.amazon.jsii.Builder<Permission>

Enclosing interface:

Permission

@Stability(value=Stable)
public static final class Permission.Builder
extends Object
implements software.amazon.jsii.Builder<Permission>

A builder for Permission

Constructor Summary

Constructors

Constructor and Description
Builder()

Method Summary

Modifier and Type	Method and Description
Permission.Builder	action(String action) Sets the value of Permission.getAction()
Permission	build() Builds the configured instance.
Permission.Builder	eventSourceToken(String eventSourceToken) Sets the value of Permission.getEventSourceToken()
Permission.Builder	functionUrlAuthType(FunctionUrlAuthType functionUrlAuthType) Sets the value of Permission.getFunctionUrlAuthType()
Permission.Builder	organizationId(String organizationId) Sets the value of Permission.getOrganizationId()
Permission.Builder	principal(IPrincipal principal) Sets the value of Permission.getPrincipal()
Permission.Builder	scope(software.constructs.Construct scope) Sets the value of Permission.getScope()
Permission.Builder	sourceAccount(String sourceAccount) Sets the value of Permission.getSourceAccount()
Permission.Builder	sourceArn(String sourceArn) Sets the value of Permission.getSourceArn()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Builder

public Builder()

Method Detail

principal

@Stability(value=Stable)
public Permission.Builder principal(IPrincipal principal)

Sets the value of Permission.getPrincipal()

Parameters:

principal - The entity for which you are granting permission to invoke the Lambda function. This parameter is required. This entity can be any of the following:

• a valid AWS service principal, such as s3.amazonaws.com or sns.amazonaws.com
• an AWS account ID for cross-account permissions. For example, you might want to allow a custom application in another AWS account to push events to Lambda by invoking your function.
• an AWS organization principal to grant permissions to an entire organization.

The principal can be an AccountPrincipal, an ArnPrincipal, a ServicePrincipal, or an OrganizationPrincipal.

Returns:

this

action

@Stability(value=Stable)
public Permission.Builder action(String action)

Sets the value of Permission.getAction()

Parameters:

action - The Lambda actions that you want to allow in this statement. For example, you can specify lambda:CreateFunction to specify a certain action, or use a wildcard (lambda:*) to grant permission to all Lambda actions. For a list of actions, see Actions and Condition Context Keys for AWS Lambda in the IAM User Guide.

Returns:

this

eventSourceToken

@Stability(value=Stable)
public Permission.Builder eventSourceToken(String eventSourceToken)

Sets the value of Permission.getEventSourceToken()

Parameters:

eventSourceToken - A unique token that must be supplied by the principal invoking the function.

Returns:

this

functionUrlAuthType

@Stability(value=Stable)
public Permission.Builder functionUrlAuthType(FunctionUrlAuthType functionUrlAuthType)

Sets the value of Permission.getFunctionUrlAuthType()

Parameters:

functionUrlAuthType - The authType for the function URL that you are granting permissions for.

Returns:

this

organizationId

@Stability(value=Stable)
public Permission.Builder organizationId(String organizationId)

Sets the value of Permission.getOrganizationId()

Parameters:

organizationId - The organization you want to grant permissions to. Use this ONLY if you need to grant permissions to a subset of the organization. If you want to grant permissions to the entire organization, sending the organization principal through the principal property will suffice.

You can use this property to ensure that all source principals are owned by a specific organization.

Returns:

this

scope

@Stability(value=Stable)
public Permission.Builder scope(software.constructs.Construct scope)

Sets the value of Permission.getScope()

Parameters:

scope - The scope to which the permission constructs be attached. The default is the Lambda function construct itself, but this would need to be different in cases such as cross-stack references where the Permissions would need to sit closer to the consumer of this permission (i.e., the caller).

Returns:

this

sourceAccount

@Stability(value=Stable)
public Permission.Builder sourceAccount(String sourceAccount)

Sets the value of Permission.getSourceAccount()

Parameters:

sourceAccount - The AWS account ID (without hyphens) of the source owner. For example, if you specify an S3 bucket in the SourceArn property, this value is the bucket owner's account ID. You can use this property to ensure that all source principals are owned by a specific account.

Returns:

this

sourceArn

@Stability(value=Stable)
public Permission.Builder sourceArn(String sourceArn)

Sets the value of Permission.getSourceArn()

Parameters:

sourceArn - The ARN of a resource that is invoking your function. When granting Amazon Simple Storage Service (Amazon S3) permission to invoke your function, specify this property with the bucket ARN as its value. This ensures that events generated only from the specified bucket, not just any bucket from any AWS account that creates a mapping to your function, can invoke the function.

Returns:

this

build

@Stability(value=Stable)
public Permission build()

Builds the configured instance.

Specified by:

build in interface software.amazon.jsii.Builder<Permission>

Returns:

a new instance of Permission

Throws:

NullPointerException - if any required attribute was not provided