1. Packages
  2. AWS
  3. API Docs
  4. lambda
  5. LayerVersionPermission
AWS v6.77.0 published on Wednesday, Apr 9, 2025 by Pulumi

aws.lambda.LayerVersionPermission

Explore with Pulumi AI

Provides a Lambda Layer Version Permission resource. It allows you to share you own Lambda Layers to another account by account ID, to all accounts in AWS organization or even to all AWS accounts.

For information about Lambda Layer Permissions and how to use them, see [Using Resource-based Policies for AWS Lambda][1]

NOTE: Setting skip_destroy to true means that the AWS Provider will not destroy any layer version permission, even when running pulumi destroy. Layer version permissions are thus intentional dangling resources that are not managed by Pulumi and may incur extra expense in your AWS account.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const lambdaLayerPermission = new aws.lambda.LayerVersionPermission("lambda_layer_permission", {
    layerName: "arn:aws:lambda:us-west-2:123456654321:layer:test_layer1",
    versionNumber: 1,
    principal: "111111111111",
    action: "lambda:GetLayerVersion",
    statementId: "dev-account",
});
Copy
import pulumi
import pulumi_aws as aws

lambda_layer_permission = aws.lambda_.LayerVersionPermission("lambda_layer_permission",
    layer_name="arn:aws:lambda:us-west-2:123456654321:layer:test_layer1",
    version_number=1,
    principal="111111111111",
    action="lambda:GetLayerVersion",
    statement_id="dev-account")
Copy
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lambda.NewLayerVersionPermission(ctx, "lambda_layer_permission", &lambda.LayerVersionPermissionArgs{
			LayerName:     pulumi.String("arn:aws:lambda:us-west-2:123456654321:layer:test_layer1"),
			VersionNumber: pulumi.Int(1),
			Principal:     pulumi.String("111111111111"),
			Action:        pulumi.String("lambda:GetLayerVersion"),
			StatementId:   pulumi.String("dev-account"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var lambdaLayerPermission = new Aws.Lambda.LayerVersionPermission("lambda_layer_permission", new()
    {
        LayerName = "arn:aws:lambda:us-west-2:123456654321:layer:test_layer1",
        VersionNumber = 1,
        Principal = "111111111111",
        Action = "lambda:GetLayerVersion",
        StatementId = "dev-account",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lambda.LayerVersionPermission;
import com.pulumi.aws.lambda.LayerVersionPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var lambdaLayerPermission = new LayerVersionPermission("lambdaLayerPermission", LayerVersionPermissionArgs.builder()
            .layerName("arn:aws:lambda:us-west-2:123456654321:layer:test_layer1")
            .versionNumber(1)
            .principal("111111111111")
            .action("lambda:GetLayerVersion")
            .statementId("dev-account")
            .build());

    }
}
Copy
resources:
  lambdaLayerPermission:
    type: aws:lambda:LayerVersionPermission
    name: lambda_layer_permission
    properties:
      layerName: arn:aws:lambda:us-west-2:123456654321:layer:test_layer1
      versionNumber: 1
      principal: '111111111111'
      action: lambda:GetLayerVersion
      statementId: dev-account
Copy

Create LayerVersionPermission Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new LayerVersionPermission(name: string, args: LayerVersionPermissionArgs, opts?: CustomResourceOptions);
@overload
def LayerVersionPermission(resource_name: str,
                           args: LayerVersionPermissionArgs,
                           opts: Optional[ResourceOptions] = None)

@overload
def LayerVersionPermission(resource_name: str,
                           opts: Optional[ResourceOptions] = None,
                           action: Optional[str] = None,
                           layer_name: Optional[str] = None,
                           principal: Optional[str] = None,
                           statement_id: Optional[str] = None,
                           version_number: Optional[int] = None,
                           organization_id: Optional[str] = None,
                           skip_destroy: Optional[bool] = None)
func NewLayerVersionPermission(ctx *Context, name string, args LayerVersionPermissionArgs, opts ...ResourceOption) (*LayerVersionPermission, error)
public LayerVersionPermission(string name, LayerVersionPermissionArgs args, CustomResourceOptions? opts = null)
public LayerVersionPermission(String name, LayerVersionPermissionArgs args)
public LayerVersionPermission(String name, LayerVersionPermissionArgs args, CustomResourceOptions options)
type: aws:lambda:LayerVersionPermission
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. LayerVersionPermissionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. LayerVersionPermissionArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. LayerVersionPermissionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. LayerVersionPermissionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. LayerVersionPermissionArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var layerVersionPermissionResource = new Aws.Lambda.LayerVersionPermission("layerVersionPermissionResource", new()
{
    Action = "string",
    LayerName = "string",
    Principal = "string",
    StatementId = "string",
    VersionNumber = 0,
    OrganizationId = "string",
    SkipDestroy = false,
});
Copy
example, err := lambda.NewLayerVersionPermission(ctx, "layerVersionPermissionResource", &lambda.LayerVersionPermissionArgs{
	Action:         pulumi.String("string"),
	LayerName:      pulumi.String("string"),
	Principal:      pulumi.String("string"),
	StatementId:    pulumi.String("string"),
	VersionNumber:  pulumi.Int(0),
	OrganizationId: pulumi.String("string"),
	SkipDestroy:    pulumi.Bool(false),
})
Copy
var layerVersionPermissionResource = new LayerVersionPermission("layerVersionPermissionResource", LayerVersionPermissionArgs.builder()
    .action("string")
    .layerName("string")
    .principal("string")
    .statementId("string")
    .versionNumber(0)
    .organizationId("string")
    .skipDestroy(false)
    .build());
Copy
layer_version_permission_resource = aws.lambda_.LayerVersionPermission("layerVersionPermissionResource",
    action="string",
    layer_name="string",
    principal="string",
    statement_id="string",
    version_number=0,
    organization_id="string",
    skip_destroy=False)
Copy
const layerVersionPermissionResource = new aws.lambda.LayerVersionPermission("layerVersionPermissionResource", {
    action: "string",
    layerName: "string",
    principal: "string",
    statementId: "string",
    versionNumber: 0,
    organizationId: "string",
    skipDestroy: false,
});
Copy
type: aws:lambda:LayerVersionPermission
properties:
    action: string
    layerName: string
    organizationId: string
    principal: string
    skipDestroy: false
    statementId: string
    versionNumber: 0
Copy

LayerVersionPermission Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The LayerVersionPermission resource accepts the following input properties:

Action
This property is required.
Changes to this property will trigger replacement.
string
Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
LayerName
This property is required.
Changes to this property will trigger replacement.
string
The name or ARN of the Lambda Layer, which you want to grant access to.
Principal
This property is required.
Changes to this property will trigger replacement.
string
AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
StatementId
This property is required.
Changes to this property will trigger replacement.
string
The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
VersionNumber
This property is required.
Changes to this property will trigger replacement.
int
Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.
OrganizationId Changes to this property will trigger replacement. string
An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
SkipDestroy Changes to this property will trigger replacement. bool
Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.
Action
This property is required.
Changes to this property will trigger replacement.
string
Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
LayerName
This property is required.
Changes to this property will trigger replacement.
string
The name or ARN of the Lambda Layer, which you want to grant access to.
Principal
This property is required.
Changes to this property will trigger replacement.
string
AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
StatementId
This property is required.
Changes to this property will trigger replacement.
string
The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
VersionNumber
This property is required.
Changes to this property will trigger replacement.
int
Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.
OrganizationId Changes to this property will trigger replacement. string
An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
SkipDestroy Changes to this property will trigger replacement. bool
Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.
action
This property is required.
Changes to this property will trigger replacement.
String
Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
layerName
This property is required.
Changes to this property will trigger replacement.
String
The name or ARN of the Lambda Layer, which you want to grant access to.
principal
This property is required.
Changes to this property will trigger replacement.
String
AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
statementId
This property is required.
Changes to this property will trigger replacement.
String
The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
versionNumber
This property is required.
Changes to this property will trigger replacement.
Integer
Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.
organizationId Changes to this property will trigger replacement. String
An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
skipDestroy Changes to this property will trigger replacement. Boolean
Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.
action
This property is required.
Changes to this property will trigger replacement.
string
Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
layerName
This property is required.
Changes to this property will trigger replacement.
string
The name or ARN of the Lambda Layer, which you want to grant access to.
principal
This property is required.
Changes to this property will trigger replacement.
string
AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
statementId
This property is required.
Changes to this property will trigger replacement.
string
The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
versionNumber
This property is required.
Changes to this property will trigger replacement.
number
Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.
organizationId Changes to this property will trigger replacement. string
An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
skipDestroy Changes to this property will trigger replacement. boolean
Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.
action
This property is required.
Changes to this property will trigger replacement.
str
Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
layer_name
This property is required.
Changes to this property will trigger replacement.
str
The name or ARN of the Lambda Layer, which you want to grant access to.
principal
This property is required.
Changes to this property will trigger replacement.
str
AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
statement_id
This property is required.
Changes to this property will trigger replacement.
str
The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
version_number
This property is required.
Changes to this property will trigger replacement.
int
Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.
organization_id Changes to this property will trigger replacement. str
An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
skip_destroy Changes to this property will trigger replacement. bool
Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.
action
This property is required.
Changes to this property will trigger replacement.
String
Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
layerName
This property is required.
Changes to this property will trigger replacement.
String
The name or ARN of the Lambda Layer, which you want to grant access to.
principal
This property is required.
Changes to this property will trigger replacement.
String
AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
statementId
This property is required.
Changes to this property will trigger replacement.
String
The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
versionNumber
This property is required.
Changes to this property will trigger replacement.
Number
Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.
organizationId Changes to this property will trigger replacement. String
An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
skipDestroy Changes to this property will trigger replacement. Boolean
Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.

Outputs

All input properties are implicitly available as output properties. Additionally, the LayerVersionPermission resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Policy string
Full Lambda Layer Permission policy.
RevisionId string
A unique identifier for the current revision of the policy.
Id string
The provider-assigned unique ID for this managed resource.
Policy string
Full Lambda Layer Permission policy.
RevisionId string
A unique identifier for the current revision of the policy.
id String
The provider-assigned unique ID for this managed resource.
policy String
Full Lambda Layer Permission policy.
revisionId String
A unique identifier for the current revision of the policy.
id string
The provider-assigned unique ID for this managed resource.
policy string
Full Lambda Layer Permission policy.
revisionId string
A unique identifier for the current revision of the policy.
id str
The provider-assigned unique ID for this managed resource.
policy str
Full Lambda Layer Permission policy.
revision_id str
A unique identifier for the current revision of the policy.
id String
The provider-assigned unique ID for this managed resource.
policy String
Full Lambda Layer Permission policy.
revisionId String
A unique identifier for the current revision of the policy.

Look up Existing LayerVersionPermission Resource

Get an existing LayerVersionPermission resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: LayerVersionPermissionState, opts?: CustomResourceOptions): LayerVersionPermission
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        layer_name: Optional[str] = None,
        organization_id: Optional[str] = None,
        policy: Optional[str] = None,
        principal: Optional[str] = None,
        revision_id: Optional[str] = None,
        skip_destroy: Optional[bool] = None,
        statement_id: Optional[str] = None,
        version_number: Optional[int] = None) -> LayerVersionPermission
func GetLayerVersionPermission(ctx *Context, name string, id IDInput, state *LayerVersionPermissionState, opts ...ResourceOption) (*LayerVersionPermission, error)
public static LayerVersionPermission Get(string name, Input<string> id, LayerVersionPermissionState? state, CustomResourceOptions? opts = null)
public static LayerVersionPermission get(String name, Output<String> id, LayerVersionPermissionState state, CustomResourceOptions options)
resources:  _:    type: aws:lambda:LayerVersionPermission    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Action Changes to this property will trigger replacement. string
Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
LayerName Changes to this property will trigger replacement. string
The name or ARN of the Lambda Layer, which you want to grant access to.
OrganizationId Changes to this property will trigger replacement. string
An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
Policy string
Full Lambda Layer Permission policy.
Principal Changes to this property will trigger replacement. string
AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
RevisionId string
A unique identifier for the current revision of the policy.
SkipDestroy Changes to this property will trigger replacement. bool
Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.
StatementId Changes to this property will trigger replacement. string
The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
VersionNumber Changes to this property will trigger replacement. int
Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.
Action Changes to this property will trigger replacement. string
Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
LayerName Changes to this property will trigger replacement. string
The name or ARN of the Lambda Layer, which you want to grant access to.
OrganizationId Changes to this property will trigger replacement. string
An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
Policy string
Full Lambda Layer Permission policy.
Principal Changes to this property will trigger replacement. string
AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
RevisionId string
A unique identifier for the current revision of the policy.
SkipDestroy Changes to this property will trigger replacement. bool
Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.
StatementId Changes to this property will trigger replacement. string
The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
VersionNumber Changes to this property will trigger replacement. int
Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.
action Changes to this property will trigger replacement. String
Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
layerName Changes to this property will trigger replacement. String
The name or ARN of the Lambda Layer, which you want to grant access to.
organizationId Changes to this property will trigger replacement. String
An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
policy String
Full Lambda Layer Permission policy.
principal Changes to this property will trigger replacement. String
AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
revisionId String
A unique identifier for the current revision of the policy.
skipDestroy Changes to this property will trigger replacement. Boolean
Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.
statementId Changes to this property will trigger replacement. String
The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
versionNumber Changes to this property will trigger replacement. Integer
Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.
action Changes to this property will trigger replacement. string
Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
layerName Changes to this property will trigger replacement. string
The name or ARN of the Lambda Layer, which you want to grant access to.
organizationId Changes to this property will trigger replacement. string
An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
policy string
Full Lambda Layer Permission policy.
principal Changes to this property will trigger replacement. string
AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
revisionId string
A unique identifier for the current revision of the policy.
skipDestroy Changes to this property will trigger replacement. boolean
Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.
statementId Changes to this property will trigger replacement. string
The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
versionNumber Changes to this property will trigger replacement. number
Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.
action Changes to this property will trigger replacement. str
Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
layer_name Changes to this property will trigger replacement. str
The name or ARN of the Lambda Layer, which you want to grant access to.
organization_id Changes to this property will trigger replacement. str
An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
policy str
Full Lambda Layer Permission policy.
principal Changes to this property will trigger replacement. str
AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
revision_id str
A unique identifier for the current revision of the policy.
skip_destroy Changes to this property will trigger replacement. bool
Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.
statement_id Changes to this property will trigger replacement. str
The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
version_number Changes to this property will trigger replacement. int
Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.
action Changes to this property will trigger replacement. String
Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
layerName Changes to this property will trigger replacement. String
The name or ARN of the Lambda Layer, which you want to grant access to.
organizationId Changes to this property will trigger replacement. String
An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
policy String
Full Lambda Layer Permission policy.
principal Changes to this property will trigger replacement. String
AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
revisionId String
A unique identifier for the current revision of the policy.
skipDestroy Changes to this property will trigger replacement. Boolean
Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.
statementId Changes to this property will trigger replacement. String
The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
versionNumber Changes to this property will trigger replacement. Number
Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.

Import

Using pulumi import, import Lambda Layer Permissions using layer_name and version_number, separated by a comma (,). For example:

$ pulumi import aws:lambda/layerVersionPermission:LayerVersionPermission example arn:aws:lambda:us-west-2:123456654321:layer:test_layer1,1
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.