add-layer-version-permission¶

Description¶

Adds permissions to the resource-based policy of a version of an AWS Lambda layer . Use this action to grant layer usage permission to other accounts. You can grant permission to a single account, all AWS accounts, or all accounts in an organization.

To revoke permission, call RemoveLayerVersionPermission with the statement ID that you specified when you added it.

Synopsis¶

  add-layer-version-permission
--layer-name <value>
--version-number <value>
--statement-id <value>
--action <value>
--principal <value>
[--organization-id <value>]
[--revision-id <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--cli-auto-prompt <value>]

Options¶

--layer-name (string)

The name or Amazon Resource Name (ARN) of the layer.

--version-number (long)

The version number.

--statement-id (string)

An identifier that distinguishes the policy from others on the same layer version.

--action (string)

The API action that grants access to the layer. For example, lambda:GetLayerVersion .

--principal (string)

An account ID, or * to grant permission to all AWS accounts.

--organization-id (string)

With the principal set to * , grant permission to all accounts in the specified organization.

--revision-id (string)

Only update the policy if the revision ID matches the ID specified. Use this option to avoid modifying a policy that has changed since you last read it.

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

--cli-auto-prompt (boolean) Automatically prompt for CLI input parameters.

See ‘aws help’ for descriptions of global parameters.

Examples¶

To add permissions to a layer version

The following add-layer-version-permission example grants permission for the specified account to use version 1 of the layer my-layer.

aws lambda add-layer-version-permission \
    --layer-name my-layer \
    --statement-id xaccount \
    --action lambda:GetLayerVersion  \
    --principal 123456789012 \
    --version-number 1

Output:

{
    "RevisionId": "35d87451-f796-4a3f-a618-95a3671b0a0c",
    "Statement":
    {
        "Sid":"xaccount",
        "Effect":"Allow",
        "Principal":{
            "AWS":"arn:aws:iam::210987654321:root"
        },
        "Action":"lambda:GetLayerVersion",
        "Resource":"arn:aws:lambda:us-east-2:123456789012:layer:my-layer:1"
    }
}

For more information, see AWS Lambda Layers in the AWS Lambda Developer Guide.

Output¶

Statement -> (string)

The permission statement.

RevisionId -> (string)

A unique identifier for the current revision of the policy.

Table of Contents

Feedback

User Guide