API_AddLayerVersionPermission.md

AddLayerVersionPermission

Adds permissions to the resource-based policy of a version of an AWS Lambda layer. Use this action to grant layer usage permission to other accounts. You can grant permission to a single account, all accounts in an organization, or all AWS accounts.

To revoke permission, call RemoveLayerVersionPermission with the statement ID that you specified when you added it.

Request Syntax

POST /2018-10-31/layers/LayerName/versions/VersionNumber/policy?RevisionId=RevisionId HTTP/1.1
Content-type: application/json

{
   "Action": "string",
   "OrganizationId": "string",
   "Principal": "string",
   "StatementId": "string"
}

URI Request Parameters

The request uses the following URI parameters.

** LayerName ** The name or Amazon Resource Name (ARN) of the layer.
Length Constraints: Minimum length of 1. Maximum length of 140.
Pattern: (arn:[a-zA-Z0-9-]+:lambda:[a-zA-Z0-9-]+:\d{12}:layer:[a-zA-Z0-9-_]+)|[a-zA-Z0-9-_]+
Required: Yes

** RevisionId ** Only update the policy if the revision ID matches the ID specified. Use this option to avoid modifying a policy that has changed since you last read it.

** VersionNumber ** The version number.
Required: Yes

Request Body

The request accepts the following data in JSON format.

** Action ** The API action that grants access to the layer. For example, lambda:GetLayerVersion.
Type: String
Length Constraints: Maximum length of 22.
Pattern: lambda:GetLayerVersion
Required: Yes

** OrganizationId ** With the principal set to *, grant permission to all accounts in the specified organization.
Type: String
Length Constraints: Maximum length of 34.
Pattern: o-[a-z0-9]{10,32}
Required: No

** Principal ** An account ID, or * to grant layer usage permission to all accounts in an organization, or all AWS accounts (if organizationId is not specified). For the last case, make sure that you really do want all AWS accounts to have usage permission to this layer.
Type: String
Pattern: \d{12}|\*|arn:(aws[a-zA-Z-]*):iam::\d{12}:root
Required: Yes

** StatementId ** An identifier that distinguishes the policy from others on the same layer version.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 100.
Pattern: ([a-zA-Z0-9-_]+)
Required: Yes

Response Syntax

HTTP/1.1 201
Content-type: application/json

{
   "RevisionId": "string",
   "Statement": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 201 response.

The following data is returned in JSON format by the service.

** RevisionId ** A unique identifier for the current revision of the policy.
Type: String

** Statement ** The permission statement.
Type: String

Errors

** InvalidParameterValueException **
One of the parameters in the request is invalid.
HTTP Status Code: 400

** PolicyLengthExceededException **
The permissions policy for the resource is too large. Learn more
HTTP Status Code: 400

** PreconditionFailedException **
The RevisionId provided does not match the latest RevisionId for the Lambda function or alias. Call the GetFunction or the GetAlias API to retrieve the latest RevisionId for your resource.
HTTP Status Code: 412

** ResourceConflictException **
The resource already exists, or another operation is in progress.
HTTP Status Code: 409

** ResourceNotFoundException **
The resource specified in the request does not exist.
HTTP Status Code: 404

** ServiceException **
The AWS Lambda service encountered an internal error.
HTTP Status Code: 500

** TooManyRequestsException **
The request throughput limit was exceeded.
HTTP Status Code: 429

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3