From 566bb05232a186ef130785caeae12ca538a189c0 Mon Sep 17 00:00:00 2001 From: awstools Date: Tue, 17 Sep 2024 18:16:50 +0000 Subject: [PATCH] feat(client-lambda): Support for JSON resource-based policies and block public access --- clients/client-lambda/README.md | 40 ++ clients/client-lambda/src/Lambda.ts | 115 +++++ clients/client-lambda/src/LambdaClient.ts | 24 + .../commands/DeleteResourcePolicyCommand.ts | 107 +++++ .../GetPublicAccessBlockConfigCommand.ts | 95 ++++ .../src/commands/GetResourcePolicyCommand.ts | 93 ++++ .../PutPublicAccessBlockConfigCommand.ts | 106 +++++ .../src/commands/PutResourcePolicyCommand.ts | 129 +++++ clients/client-lambda/src/commands/index.ts | 5 + clients/client-lambda/src/models/models_0.ts | 202 ++++++++ .../src/protocols/Aws_restJson1.ts | 245 ++++++++++ codegen/sdk-codegen/aws-models/lambda.json | 445 ++++++++++++++++++ 12 files changed, 1606 insertions(+) create mode 100644 clients/client-lambda/src/commands/DeleteResourcePolicyCommand.ts create mode 100644 clients/client-lambda/src/commands/GetPublicAccessBlockConfigCommand.ts create mode 100644 clients/client-lambda/src/commands/GetResourcePolicyCommand.ts create mode 100644 clients/client-lambda/src/commands/PutPublicAccessBlockConfigCommand.ts create mode 100644 clients/client-lambda/src/commands/PutResourcePolicyCommand.ts diff --git a/clients/client-lambda/README.md b/clients/client-lambda/README.md index f29e02171dc0..76fe49fa2280 100644 --- a/clients/client-lambda/README.md +++ b/clients/client-lambda/README.md @@ -403,6 +403,14 @@ DeleteProvisionedConcurrencyConfig [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/lambda/command/DeleteProvisionedConcurrencyConfigCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/DeleteProvisionedConcurrencyConfigCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/DeleteProvisionedConcurrencyConfigCommandOutput/) + +
+ +DeleteResourcePolicy + + +[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/lambda/command/DeleteResourcePolicyCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/DeleteResourcePolicyCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/DeleteResourcePolicyCommandOutput/) +
@@ -531,6 +539,22 @@ GetProvisionedConcurrencyConfig [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/lambda/command/GetProvisionedConcurrencyConfigCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/GetProvisionedConcurrencyConfigCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/GetProvisionedConcurrencyConfigCommandOutput/) +
+
+ +GetPublicAccessBlockConfig + + +[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/lambda/command/GetPublicAccessBlockConfigCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/GetPublicAccessBlockConfigCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/GetPublicAccessBlockConfigCommandOutput/) + +
+
+ +GetResourcePolicy + + +[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/lambda/command/GetResourcePolicyCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/GetResourcePolicyCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/GetResourcePolicyCommandOutput/) +
@@ -715,6 +739,22 @@ PutProvisionedConcurrencyConfig [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/lambda/command/PutProvisionedConcurrencyConfigCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/PutProvisionedConcurrencyConfigCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/PutProvisionedConcurrencyConfigCommandOutput/) +
+
+ +PutPublicAccessBlockConfig + + +[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/lambda/command/PutPublicAccessBlockConfigCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/PutPublicAccessBlockConfigCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/PutPublicAccessBlockConfigCommandOutput/) + +
+
+ +PutResourcePolicy + + +[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/lambda/command/PutResourcePolicyCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/PutResourcePolicyCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/PutResourcePolicyCommandOutput/) +
diff --git a/clients/client-lambda/src/Lambda.ts b/clients/client-lambda/src/Lambda.ts index f6b0e42e6bc4..015f9aa8eb4f 100644 --- a/clients/client-lambda/src/Lambda.ts +++ b/clients/client-lambda/src/Lambda.ts @@ -79,6 +79,11 @@ import { DeleteProvisionedConcurrencyConfigCommandInput, DeleteProvisionedConcurrencyConfigCommandOutput, } from "./commands/DeleteProvisionedConcurrencyConfigCommand"; +import { + DeleteResourcePolicyCommand, + DeleteResourcePolicyCommandInput, + DeleteResourcePolicyCommandOutput, +} from "./commands/DeleteResourcePolicyCommand"; import { GetAccountSettingsCommand, GetAccountSettingsCommandInput, @@ -147,6 +152,16 @@ import { GetProvisionedConcurrencyConfigCommandInput, GetProvisionedConcurrencyConfigCommandOutput, } from "./commands/GetProvisionedConcurrencyConfigCommand"; +import { + GetPublicAccessBlockConfigCommand, + GetPublicAccessBlockConfigCommandInput, + GetPublicAccessBlockConfigCommandOutput, +} from "./commands/GetPublicAccessBlockConfigCommand"; +import { + GetResourcePolicyCommand, + GetResourcePolicyCommandInput, + GetResourcePolicyCommandOutput, +} from "./commands/GetResourcePolicyCommand"; import { GetRuntimeManagementConfigCommand, GetRuntimeManagementConfigCommandInput, @@ -242,6 +257,16 @@ import { PutProvisionedConcurrencyConfigCommandInput, PutProvisionedConcurrencyConfigCommandOutput, } from "./commands/PutProvisionedConcurrencyConfigCommand"; +import { + PutPublicAccessBlockConfigCommand, + PutPublicAccessBlockConfigCommandInput, + PutPublicAccessBlockConfigCommandOutput, +} from "./commands/PutPublicAccessBlockConfigCommand"; +import { + PutResourcePolicyCommand, + PutResourcePolicyCommandInput, + PutResourcePolicyCommandOutput, +} from "./commands/PutResourcePolicyCommand"; import { PutRuntimeManagementConfigCommand, PutRuntimeManagementConfigCommandInput, @@ -314,6 +339,7 @@ const commands = { DeleteFunctionUrlConfigCommand, DeleteLayerVersionCommand, DeleteProvisionedConcurrencyConfigCommand, + DeleteResourcePolicyCommand, GetAccountSettingsCommand, GetAliasCommand, GetCodeSigningConfigCommand, @@ -330,6 +356,8 @@ const commands = { GetLayerVersionPolicyCommand, GetPolicyCommand, GetProvisionedConcurrencyConfigCommand, + GetPublicAccessBlockConfigCommand, + GetResourcePolicyCommand, GetRuntimeManagementConfigCommand, InvokeCommand, InvokeAsyncCommand, @@ -353,6 +381,8 @@ const commands = { PutFunctionEventInvokeConfigCommand, PutFunctionRecursionConfigCommand, PutProvisionedConcurrencyConfigCommand, + PutPublicAccessBlockConfigCommand, + PutResourcePolicyCommand, PutRuntimeManagementConfigCommand, RemoveLayerVersionPermissionCommand, RemovePermissionCommand, @@ -633,6 +663,23 @@ export interface Lambda { cb: (err: any, data?: DeleteProvisionedConcurrencyConfigCommandOutput) => void ): void; + /** + * @see {@link DeleteResourcePolicyCommand} + */ + deleteResourcePolicy( + args: DeleteResourcePolicyCommandInput, + options?: __HttpHandlerOptions + ): Promise; + deleteResourcePolicy( + args: DeleteResourcePolicyCommandInput, + cb: (err: any, data?: DeleteResourcePolicyCommandOutput) => void + ): void; + deleteResourcePolicy( + args: DeleteResourcePolicyCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: DeleteResourcePolicyCommandOutput) => void + ): void; + /** * @see {@link GetAccountSettingsCommand} */ @@ -885,6 +932,40 @@ export interface Lambda { cb: (err: any, data?: GetProvisionedConcurrencyConfigCommandOutput) => void ): void; + /** + * @see {@link GetPublicAccessBlockConfigCommand} + */ + getPublicAccessBlockConfig( + args: GetPublicAccessBlockConfigCommandInput, + options?: __HttpHandlerOptions + ): Promise; + getPublicAccessBlockConfig( + args: GetPublicAccessBlockConfigCommandInput, + cb: (err: any, data?: GetPublicAccessBlockConfigCommandOutput) => void + ): void; + getPublicAccessBlockConfig( + args: GetPublicAccessBlockConfigCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: GetPublicAccessBlockConfigCommandOutput) => void + ): void; + + /** + * @see {@link GetResourcePolicyCommand} + */ + getResourcePolicy( + args: GetResourcePolicyCommandInput, + options?: __HttpHandlerOptions + ): Promise; + getResourcePolicy( + args: GetResourcePolicyCommandInput, + cb: (err: any, data?: GetResourcePolicyCommandOutput) => void + ): void; + getResourcePolicy( + args: GetResourcePolicyCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: GetResourcePolicyCommandOutput) => void + ): void; + /** * @see {@link GetRuntimeManagementConfigCommand} */ @@ -1241,6 +1322,40 @@ export interface Lambda { cb: (err: any, data?: PutProvisionedConcurrencyConfigCommandOutput) => void ): void; + /** + * @see {@link PutPublicAccessBlockConfigCommand} + */ + putPublicAccessBlockConfig( + args: PutPublicAccessBlockConfigCommandInput, + options?: __HttpHandlerOptions + ): Promise; + putPublicAccessBlockConfig( + args: PutPublicAccessBlockConfigCommandInput, + cb: (err: any, data?: PutPublicAccessBlockConfigCommandOutput) => void + ): void; + putPublicAccessBlockConfig( + args: PutPublicAccessBlockConfigCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: PutPublicAccessBlockConfigCommandOutput) => void + ): void; + + /** + * @see {@link PutResourcePolicyCommand} + */ + putResourcePolicy( + args: PutResourcePolicyCommandInput, + options?: __HttpHandlerOptions + ): Promise; + putResourcePolicy( + args: PutResourcePolicyCommandInput, + cb: (err: any, data?: PutResourcePolicyCommandOutput) => void + ): void; + putResourcePolicy( + args: PutResourcePolicyCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: PutResourcePolicyCommandOutput) => void + ): void; + /** * @see {@link PutRuntimeManagementConfigCommand} */ diff --git a/clients/client-lambda/src/LambdaClient.ts b/clients/client-lambda/src/LambdaClient.ts index 1ee6ae697e14..f52ab853010c 100644 --- a/clients/client-lambda/src/LambdaClient.ts +++ b/clients/client-lambda/src/LambdaClient.ts @@ -109,6 +109,10 @@ import { DeleteProvisionedConcurrencyConfigCommandInput, DeleteProvisionedConcurrencyConfigCommandOutput, } from "./commands/DeleteProvisionedConcurrencyConfigCommand"; +import { + DeleteResourcePolicyCommandInput, + DeleteResourcePolicyCommandOutput, +} from "./commands/DeleteResourcePolicyCommand"; import { GetAccountSettingsCommandInput, GetAccountSettingsCommandOutput } from "./commands/GetAccountSettingsCommand"; import { GetAliasCommandInput, GetAliasCommandOutput } from "./commands/GetAliasCommand"; import { @@ -158,6 +162,11 @@ import { GetProvisionedConcurrencyConfigCommandInput, GetProvisionedConcurrencyConfigCommandOutput, } from "./commands/GetProvisionedConcurrencyConfigCommand"; +import { + GetPublicAccessBlockConfigCommandInput, + GetPublicAccessBlockConfigCommandOutput, +} from "./commands/GetPublicAccessBlockConfigCommand"; +import { GetResourcePolicyCommandInput, GetResourcePolicyCommandOutput } from "./commands/GetResourcePolicyCommand"; import { GetRuntimeManagementConfigCommandInput, GetRuntimeManagementConfigCommandOutput, @@ -226,6 +235,11 @@ import { PutProvisionedConcurrencyConfigCommandInput, PutProvisionedConcurrencyConfigCommandOutput, } from "./commands/PutProvisionedConcurrencyConfigCommand"; +import { + PutPublicAccessBlockConfigCommandInput, + PutPublicAccessBlockConfigCommandOutput, +} from "./commands/PutPublicAccessBlockConfigCommand"; +import { PutResourcePolicyCommandInput, PutResourcePolicyCommandOutput } from "./commands/PutResourcePolicyCommand"; import { PutRuntimeManagementConfigCommandInput, PutRuntimeManagementConfigCommandOutput, @@ -291,6 +305,7 @@ export type ServiceInputTypes = | DeleteFunctionUrlConfigCommandInput | DeleteLayerVersionCommandInput | DeleteProvisionedConcurrencyConfigCommandInput + | DeleteResourcePolicyCommandInput | GetAccountSettingsCommandInput | GetAliasCommandInput | GetCodeSigningConfigCommandInput @@ -307,6 +322,8 @@ export type ServiceInputTypes = | GetLayerVersionPolicyCommandInput | GetPolicyCommandInput | GetProvisionedConcurrencyConfigCommandInput + | GetPublicAccessBlockConfigCommandInput + | GetResourcePolicyCommandInput | GetRuntimeManagementConfigCommandInput | InvokeAsyncCommandInput | InvokeCommandInput @@ -330,6 +347,8 @@ export type ServiceInputTypes = | PutFunctionEventInvokeConfigCommandInput | PutFunctionRecursionConfigCommandInput | PutProvisionedConcurrencyConfigCommandInput + | PutPublicAccessBlockConfigCommandInput + | PutResourcePolicyCommandInput | PutRuntimeManagementConfigCommandInput | RemoveLayerVersionPermissionCommandInput | RemovePermissionCommandInput @@ -364,6 +383,7 @@ export type ServiceOutputTypes = | DeleteFunctionUrlConfigCommandOutput | DeleteLayerVersionCommandOutput | DeleteProvisionedConcurrencyConfigCommandOutput + | DeleteResourcePolicyCommandOutput | GetAccountSettingsCommandOutput | GetAliasCommandOutput | GetCodeSigningConfigCommandOutput @@ -380,6 +400,8 @@ export type ServiceOutputTypes = | GetLayerVersionPolicyCommandOutput | GetPolicyCommandOutput | GetProvisionedConcurrencyConfigCommandOutput + | GetPublicAccessBlockConfigCommandOutput + | GetResourcePolicyCommandOutput | GetRuntimeManagementConfigCommandOutput | InvokeAsyncCommandOutput | InvokeCommandOutput @@ -403,6 +425,8 @@ export type ServiceOutputTypes = | PutFunctionEventInvokeConfigCommandOutput | PutFunctionRecursionConfigCommandOutput | PutProvisionedConcurrencyConfigCommandOutput + | PutPublicAccessBlockConfigCommandOutput + | PutResourcePolicyCommandOutput | PutRuntimeManagementConfigCommandOutput | RemoveLayerVersionPermissionCommandOutput | RemovePermissionCommandOutput diff --git a/clients/client-lambda/src/commands/DeleteResourcePolicyCommand.ts b/clients/client-lambda/src/commands/DeleteResourcePolicyCommand.ts new file mode 100644 index 000000000000..cd42085cf331 --- /dev/null +++ b/clients/client-lambda/src/commands/DeleteResourcePolicyCommand.ts @@ -0,0 +1,107 @@ +// smithy-typescript generated code +import { getEndpointPlugin } from "@smithy/middleware-endpoint"; +import { getSerdePlugin } from "@smithy/middleware-serde"; +import { Command as $Command } from "@smithy/smithy-client"; +import { MetadataBearer as __MetadataBearer } from "@smithy/types"; + +import { commonParams } from "../endpoint/EndpointParameters"; +import { LambdaClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../LambdaClient"; +import { DeleteResourcePolicyRequest } from "../models/models_0"; +import { de_DeleteResourcePolicyCommand, se_DeleteResourcePolicyCommand } from "../protocols/Aws_restJson1"; + +/** + * @public + */ +export type { __MetadataBearer }; +export { $Command }; +/** + * @public + * + * The input for {@link DeleteResourcePolicyCommand}. + */ +export interface DeleteResourcePolicyCommandInput extends DeleteResourcePolicyRequest {} +/** + * @public + * + * The output of {@link DeleteResourcePolicyCommand}. + */ +export interface DeleteResourcePolicyCommandOutput extends __MetadataBearer {} + +/** + *

Deletes a resource-based policy from a function.

+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { LambdaClient, DeleteResourcePolicyCommand } from "@aws-sdk/client-lambda"; // ES Modules import + * // const { LambdaClient, DeleteResourcePolicyCommand } = require("@aws-sdk/client-lambda"); // CommonJS import + * const client = new LambdaClient(config); + * const input = { // DeleteResourcePolicyRequest + * ResourceArn: "STRING_VALUE", // required + * RevisionId: "STRING_VALUE", + * }; + * const command = new DeleteResourcePolicyCommand(input); + * const response = await client.send(command); + * // {}; + * + * ``` + * + * @param DeleteResourcePolicyCommandInput - {@link DeleteResourcePolicyCommandInput} + * @returns {@link DeleteResourcePolicyCommandOutput} + * @see {@link DeleteResourcePolicyCommandInput} for command's `input` shape. + * @see {@link DeleteResourcePolicyCommandOutput} for command's `response` shape. + * @see {@link LambdaClientResolvedConfig | config} for LambdaClient's `config` shape. + * + * @throws {@link InvalidParameterValueException} (client fault) + *

One of the parameters in the request is not valid.

+ * + * @throws {@link PreconditionFailedException} (client fault) + *

The RevisionId provided does not match the latest RevisionId for the Lambda function or alias.

+ *
    + *
  • + *

    + * For AddPermission and RemovePermission API operations: Call GetPolicy to retrieve the latest RevisionId for your resource.

    + *
    • + *
  • + *

    + * For all other API operations: Call GetFunction or GetAlias to retrieve the latest RevisionId for your resource.

    + *
    • + *
+ * + * @throws {@link ResourceConflictException} (client fault) + *

The resource already exists, or another operation is in progress.

+ * + * @throws {@link ResourceNotFoundException} (client fault) + *

The resource specified in the request does not exist.

+ * + * @throws {@link ServiceException} (server fault) + *

The Lambda service encountered an internal error.

+ * + * @throws {@link TooManyRequestsException} (client fault) + *

The request throughput limit was exceeded. For more information, see Lambda quotas.

+ * + * @throws {@link LambdaServiceException} + *

Base exception class for all service exceptions from Lambda service.

+ * + * @public + */ +export class DeleteResourcePolicyCommand extends $Command + .classBuilder< + DeleteResourcePolicyCommandInput, + DeleteResourcePolicyCommandOutput, + LambdaClientResolvedConfig, + ServiceInputTypes, + ServiceOutputTypes + >() + .ep(commonParams) + .m(function (this: any, Command: any, cs: any, config: LambdaClientResolvedConfig, o: any) { + return [ + getSerdePlugin(config, this.serialize, this.deserialize), + getEndpointPlugin(config, Command.getEndpointParameterInstructions()), + ]; + }) + .s("AWSGirApiService", "DeleteResourcePolicy", {}) + .n("LambdaClient", "DeleteResourcePolicyCommand") + .f(void 0, void 0) + .ser(se_DeleteResourcePolicyCommand) + .de(de_DeleteResourcePolicyCommand) + .build() {} diff --git a/clients/client-lambda/src/commands/GetPublicAccessBlockConfigCommand.ts b/clients/client-lambda/src/commands/GetPublicAccessBlockConfigCommand.ts new file mode 100644 index 000000000000..c14be0c78dbb --- /dev/null +++ b/clients/client-lambda/src/commands/GetPublicAccessBlockConfigCommand.ts @@ -0,0 +1,95 @@ +// smithy-typescript generated code +import { getEndpointPlugin } from "@smithy/middleware-endpoint"; +import { getSerdePlugin } from "@smithy/middleware-serde"; +import { Command as $Command } from "@smithy/smithy-client"; +import { MetadataBearer as __MetadataBearer } from "@smithy/types"; + +import { commonParams } from "../endpoint/EndpointParameters"; +import { LambdaClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../LambdaClient"; +import { GetPublicAccessBlockConfigRequest, GetPublicAccessBlockConfigResponse } from "../models/models_0"; +import { de_GetPublicAccessBlockConfigCommand, se_GetPublicAccessBlockConfigCommand } from "../protocols/Aws_restJson1"; + +/** + * @public + */ +export type { __MetadataBearer }; +export { $Command }; +/** + * @public + * + * The input for {@link GetPublicAccessBlockConfigCommand}. + */ +export interface GetPublicAccessBlockConfigCommandInput extends GetPublicAccessBlockConfigRequest {} +/** + * @public + * + * The output of {@link GetPublicAccessBlockConfigCommand}. + */ +export interface GetPublicAccessBlockConfigCommandOutput extends GetPublicAccessBlockConfigResponse, __MetadataBearer {} + +/** + *

Retrieve the public-access settings for a function.

+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { LambdaClient, GetPublicAccessBlockConfigCommand } from "@aws-sdk/client-lambda"; // ES Modules import + * // const { LambdaClient, GetPublicAccessBlockConfigCommand } = require("@aws-sdk/client-lambda"); // CommonJS import + * const client = new LambdaClient(config); + * const input = { // GetPublicAccessBlockConfigRequest + * ResourceArn: "STRING_VALUE", // required + * }; + * const command = new GetPublicAccessBlockConfigCommand(input); + * const response = await client.send(command); + * // { // GetPublicAccessBlockConfigResponse + * // PublicAccessBlockConfig: { // PublicAccessBlockConfig + * // BlockPublicPolicy: true || false, + * // RestrictPublicResource: true || false, + * // }, + * // }; + * + * ``` + * + * @param GetPublicAccessBlockConfigCommandInput - {@link GetPublicAccessBlockConfigCommandInput} + * @returns {@link GetPublicAccessBlockConfigCommandOutput} + * @see {@link GetPublicAccessBlockConfigCommandInput} for command's `input` shape. + * @see {@link GetPublicAccessBlockConfigCommandOutput} for command's `response` shape. + * @see {@link LambdaClientResolvedConfig | config} for LambdaClient's `config` shape. + * + * @throws {@link InvalidParameterValueException} (client fault) + *

One of the parameters in the request is not valid.

+ * + * @throws {@link ResourceNotFoundException} (client fault) + *

The resource specified in the request does not exist.

+ * + * @throws {@link ServiceException} (server fault) + *

The Lambda service encountered an internal error.

+ * + * @throws {@link TooManyRequestsException} (client fault) + *

The request throughput limit was exceeded. For more information, see Lambda quotas.

+ * + * @throws {@link LambdaServiceException} + *

Base exception class for all service exceptions from Lambda service.

+ * + * @public + */ +export class GetPublicAccessBlockConfigCommand extends $Command + .classBuilder< + GetPublicAccessBlockConfigCommandInput, + GetPublicAccessBlockConfigCommandOutput, + LambdaClientResolvedConfig, + ServiceInputTypes, + ServiceOutputTypes + >() + .ep(commonParams) + .m(function (this: any, Command: any, cs: any, config: LambdaClientResolvedConfig, o: any) { + return [ + getSerdePlugin(config, this.serialize, this.deserialize), + getEndpointPlugin(config, Command.getEndpointParameterInstructions()), + ]; + }) + .s("AWSGirApiService", "GetPublicAccessBlockConfig", {}) + .n("LambdaClient", "GetPublicAccessBlockConfigCommand") + .f(void 0, void 0) + .ser(se_GetPublicAccessBlockConfigCommand) + .de(de_GetPublicAccessBlockConfigCommand) + .build() {} diff --git a/clients/client-lambda/src/commands/GetResourcePolicyCommand.ts b/clients/client-lambda/src/commands/GetResourcePolicyCommand.ts new file mode 100644 index 000000000000..6b0373a63a4a --- /dev/null +++ b/clients/client-lambda/src/commands/GetResourcePolicyCommand.ts @@ -0,0 +1,93 @@ +// smithy-typescript generated code +import { getEndpointPlugin } from "@smithy/middleware-endpoint"; +import { getSerdePlugin } from "@smithy/middleware-serde"; +import { Command as $Command } from "@smithy/smithy-client"; +import { MetadataBearer as __MetadataBearer } from "@smithy/types"; + +import { commonParams } from "../endpoint/EndpointParameters"; +import { LambdaClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../LambdaClient"; +import { GetResourcePolicyRequest, GetResourcePolicyResponse } from "../models/models_0"; +import { de_GetResourcePolicyCommand, se_GetResourcePolicyCommand } from "../protocols/Aws_restJson1"; + +/** + * @public + */ +export type { __MetadataBearer }; +export { $Command }; +/** + * @public + * + * The input for {@link GetResourcePolicyCommand}. + */ +export interface GetResourcePolicyCommandInput extends GetResourcePolicyRequest {} +/** + * @public + * + * The output of {@link GetResourcePolicyCommand}. + */ +export interface GetResourcePolicyCommandOutput extends GetResourcePolicyResponse, __MetadataBearer {} + +/** + *

Retrieves the resource-based policy attached to a function.

+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { LambdaClient, GetResourcePolicyCommand } from "@aws-sdk/client-lambda"; // ES Modules import + * // const { LambdaClient, GetResourcePolicyCommand } = require("@aws-sdk/client-lambda"); // CommonJS import + * const client = new LambdaClient(config); + * const input = { // GetResourcePolicyRequest + * ResourceArn: "STRING_VALUE", // required + * }; + * const command = new GetResourcePolicyCommand(input); + * const response = await client.send(command); + * // { // GetResourcePolicyResponse + * // Policy: "STRING_VALUE", + * // RevisionId: "STRING_VALUE", + * // }; + * + * ``` + * + * @param GetResourcePolicyCommandInput - {@link GetResourcePolicyCommandInput} + * @returns {@link GetResourcePolicyCommandOutput} + * @see {@link GetResourcePolicyCommandInput} for command's `input` shape. + * @see {@link GetResourcePolicyCommandOutput} for command's `response` shape. + * @see {@link LambdaClientResolvedConfig | config} for LambdaClient's `config` shape. + * + * @throws {@link InvalidParameterValueException} (client fault) + *

One of the parameters in the request is not valid.

+ * + * @throws {@link ResourceNotFoundException} (client fault) + *

The resource specified in the request does not exist.

+ * + * @throws {@link ServiceException} (server fault) + *

The Lambda service encountered an internal error.

+ * + * @throws {@link TooManyRequestsException} (client fault) + *

The request throughput limit was exceeded. For more information, see Lambda quotas.

+ * + * @throws {@link LambdaServiceException} + *

Base exception class for all service exceptions from Lambda service.

+ * + * @public + */ +export class GetResourcePolicyCommand extends $Command + .classBuilder< + GetResourcePolicyCommandInput, + GetResourcePolicyCommandOutput, + LambdaClientResolvedConfig, + ServiceInputTypes, + ServiceOutputTypes + >() + .ep(commonParams) + .m(function (this: any, Command: any, cs: any, config: LambdaClientResolvedConfig, o: any) { + return [ + getSerdePlugin(config, this.serialize, this.deserialize), + getEndpointPlugin(config, Command.getEndpointParameterInstructions()), + ]; + }) + .s("AWSGirApiService", "GetResourcePolicy", {}) + .n("LambdaClient", "GetResourcePolicyCommand") + .f(void 0, void 0) + .ser(se_GetResourcePolicyCommand) + .de(de_GetResourcePolicyCommand) + .build() {} diff --git a/clients/client-lambda/src/commands/PutPublicAccessBlockConfigCommand.ts b/clients/client-lambda/src/commands/PutPublicAccessBlockConfigCommand.ts new file mode 100644 index 000000000000..ecd6588e6495 --- /dev/null +++ b/clients/client-lambda/src/commands/PutPublicAccessBlockConfigCommand.ts @@ -0,0 +1,106 @@ +// smithy-typescript generated code +import { getEndpointPlugin } from "@smithy/middleware-endpoint"; +import { getSerdePlugin } from "@smithy/middleware-serde"; +import { Command as $Command } from "@smithy/smithy-client"; +import { MetadataBearer as __MetadataBearer } from "@smithy/types"; + +import { commonParams } from "../endpoint/EndpointParameters"; +import { LambdaClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../LambdaClient"; +import { PutPublicAccessBlockConfigRequest, PutPublicAccessBlockConfigResponse } from "../models/models_0"; +import { de_PutPublicAccessBlockConfigCommand, se_PutPublicAccessBlockConfigCommand } from "../protocols/Aws_restJson1"; + +/** + * @public + */ +export type { __MetadataBearer }; +export { $Command }; +/** + * @public + * + * The input for {@link PutPublicAccessBlockConfigCommand}. + */ +export interface PutPublicAccessBlockConfigCommandInput extends PutPublicAccessBlockConfigRequest {} +/** + * @public + * + * The output of {@link PutPublicAccessBlockConfigCommand}. + */ +export interface PutPublicAccessBlockConfigCommandOutput extends PutPublicAccessBlockConfigResponse, __MetadataBearer {} + +/** + *

Configure your function's public-access settings.

+ *

To control public access to a Lambda function, you can choose whether to allow the creation of + * resource-based policies that + * allow public access to that function. You can also block public access to a function, even if it has an existing resource-based + * policy that allows it.

+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { LambdaClient, PutPublicAccessBlockConfigCommand } from "@aws-sdk/client-lambda"; // ES Modules import + * // const { LambdaClient, PutPublicAccessBlockConfigCommand } = require("@aws-sdk/client-lambda"); // CommonJS import + * const client = new LambdaClient(config); + * const input = { // PutPublicAccessBlockConfigRequest + * ResourceArn: "STRING_VALUE", // required + * PublicAccessBlockConfig: { // PublicAccessBlockConfig + * BlockPublicPolicy: true || false, + * RestrictPublicResource: true || false, + * }, + * }; + * const command = new PutPublicAccessBlockConfigCommand(input); + * const response = await client.send(command); + * // { // PutPublicAccessBlockConfigResponse + * // PublicAccessBlockConfig: { // PublicAccessBlockConfig + * // BlockPublicPolicy: true || false, + * // RestrictPublicResource: true || false, + * // }, + * // }; + * + * ``` + * + * @param PutPublicAccessBlockConfigCommandInput - {@link PutPublicAccessBlockConfigCommandInput} + * @returns {@link PutPublicAccessBlockConfigCommandOutput} + * @see {@link PutPublicAccessBlockConfigCommandInput} for command's `input` shape. + * @see {@link PutPublicAccessBlockConfigCommandOutput} for command's `response` shape. + * @see {@link LambdaClientResolvedConfig | config} for LambdaClient's `config` shape. + * + * @throws {@link InvalidParameterValueException} (client fault) + *

One of the parameters in the request is not valid.

+ * + * @throws {@link ResourceConflictException} (client fault) + *

The resource already exists, or another operation is in progress.

+ * + * @throws {@link ResourceNotFoundException} (client fault) + *

The resource specified in the request does not exist.

+ * + * @throws {@link ServiceException} (server fault) + *

The Lambda service encountered an internal error.

+ * + * @throws {@link TooManyRequestsException} (client fault) + *

The request throughput limit was exceeded. For more information, see Lambda quotas.

+ * + * @throws {@link LambdaServiceException} + *

Base exception class for all service exceptions from Lambda service.

+ * + * @public + */ +export class PutPublicAccessBlockConfigCommand extends $Command + .classBuilder< + PutPublicAccessBlockConfigCommandInput, + PutPublicAccessBlockConfigCommandOutput, + LambdaClientResolvedConfig, + ServiceInputTypes, + ServiceOutputTypes + >() + .ep(commonParams) + .m(function (this: any, Command: any, cs: any, config: LambdaClientResolvedConfig, o: any) { + return [ + getSerdePlugin(config, this.serialize, this.deserialize), + getEndpointPlugin(config, Command.getEndpointParameterInstructions()), + ]; + }) + .s("AWSGirApiService", "PutPublicAccessBlockConfig", {}) + .n("LambdaClient", "PutPublicAccessBlockConfigCommand") + .f(void 0, void 0) + .ser(se_PutPublicAccessBlockConfigCommand) + .de(de_PutPublicAccessBlockConfigCommand) + .build() {} diff --git a/clients/client-lambda/src/commands/PutResourcePolicyCommand.ts b/clients/client-lambda/src/commands/PutResourcePolicyCommand.ts new file mode 100644 index 000000000000..d6751f7d6c69 --- /dev/null +++ b/clients/client-lambda/src/commands/PutResourcePolicyCommand.ts @@ -0,0 +1,129 @@ +// smithy-typescript generated code +import { getEndpointPlugin } from "@smithy/middleware-endpoint"; +import { getSerdePlugin } from "@smithy/middleware-serde"; +import { Command as $Command } from "@smithy/smithy-client"; +import { MetadataBearer as __MetadataBearer } from "@smithy/types"; + +import { commonParams } from "../endpoint/EndpointParameters"; +import { LambdaClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../LambdaClient"; +import { PutResourcePolicyRequest, PutResourcePolicyResponse } from "../models/models_0"; +import { de_PutResourcePolicyCommand, se_PutResourcePolicyCommand } from "../protocols/Aws_restJson1"; + +/** + * @public + */ +export type { __MetadataBearer }; +export { $Command }; +/** + * @public + * + * The input for {@link PutResourcePolicyCommand}. + */ +export interface PutResourcePolicyCommandInput extends PutResourcePolicyRequest {} +/** + * @public + * + * The output of {@link PutResourcePolicyCommand}. + */ +export interface PutResourcePolicyCommandOutput extends PutResourcePolicyResponse, __MetadataBearer {} + +/** + *

Adds a resource-based policy + * to a function. You can use resource-based policies to grant access to other + * Amazon Web Services accounts, + * organizations, or + * services. Resource-based policies + * apply to a single function, version, or alias.

+ * + *

Adding a resource-based policy using this API action replaces any existing policy you've previously created. This means that if + * you've previously added resource-based permissions to a function using the AddPermission action, those + * permissions will be overwritten by your new policy.

+ * + * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { LambdaClient, PutResourcePolicyCommand } from "@aws-sdk/client-lambda"; // ES Modules import + * // const { LambdaClient, PutResourcePolicyCommand } = require("@aws-sdk/client-lambda"); // CommonJS import + * const client = new LambdaClient(config); + * const input = { // PutResourcePolicyRequest + * ResourceArn: "STRING_VALUE", // required + * Policy: "STRING_VALUE", // required + * RevisionId: "STRING_VALUE", + * }; + * const command = new PutResourcePolicyCommand(input); + * const response = await client.send(command); + * // { // PutResourcePolicyResponse + * // Policy: "STRING_VALUE", + * // RevisionId: "STRING_VALUE", + * // }; + * + * ``` + * + * @param PutResourcePolicyCommandInput - {@link PutResourcePolicyCommandInput} + * @returns {@link PutResourcePolicyCommandOutput} + * @see {@link PutResourcePolicyCommandInput} for command's `input` shape. + * @see {@link PutResourcePolicyCommandOutput} for command's `response` shape. + * @see {@link LambdaClientResolvedConfig | config} for LambdaClient's `config` shape. + * + * @throws {@link InvalidParameterValueException} (client fault) + *

One of the parameters in the request is not valid.

+ * + * @throws {@link PolicyLengthExceededException} (client fault) + *

The permissions policy for the resource is too large. For more information, see Lambda quotas.

+ * + * @throws {@link PreconditionFailedException} (client fault) + *

The RevisionId provided does not match the latest RevisionId for the Lambda function or alias.

+ *
    + *
  • + *

    + * For AddPermission and RemovePermission API operations: Call GetPolicy to retrieve the latest RevisionId for your resource.

    + *
    • + *
  • + *

    + * For all other API operations: Call GetFunction or GetAlias to retrieve the latest RevisionId for your resource.

    + *
    • + *
+ * + * @throws {@link PublicPolicyException} (client fault) + *

Lambda prevented your policy from being created because it would grant public access to your function. If you intended to + * create a public policy, use the PutPublicAccessBlockConfig API action to configure your function's public-access settings + * to allow public policies.

+ * + * @throws {@link ResourceConflictException} (client fault) + *

The resource already exists, or another operation is in progress.

+ * + * @throws {@link ResourceNotFoundException} (client fault) + *

The resource specified in the request does not exist.

+ * + * @throws {@link ServiceException} (server fault) + *

The Lambda service encountered an internal error.

+ * + * @throws {@link TooManyRequestsException} (client fault) + *

The request throughput limit was exceeded. For more information, see Lambda quotas.

+ * + * @throws {@link LambdaServiceException} + *

Base exception class for all service exceptions from Lambda service.

+ * + * @public + */ +export class PutResourcePolicyCommand extends $Command + .classBuilder< + PutResourcePolicyCommandInput, + PutResourcePolicyCommandOutput, + LambdaClientResolvedConfig, + ServiceInputTypes, + ServiceOutputTypes + >() + .ep(commonParams) + .m(function (this: any, Command: any, cs: any, config: LambdaClientResolvedConfig, o: any) { + return [ + getSerdePlugin(config, this.serialize, this.deserialize), + getEndpointPlugin(config, Command.getEndpointParameterInstructions()), + ]; + }) + .s("AWSGirApiService", "PutResourcePolicy", {}) + .n("LambdaClient", "PutResourcePolicyCommand") + .f(void 0, void 0) + .ser(se_PutResourcePolicyCommand) + .de(de_PutResourcePolicyCommand) + .build() {} diff --git a/clients/client-lambda/src/commands/index.ts b/clients/client-lambda/src/commands/index.ts index d1001072d7ea..e7d9d57e234f 100644 --- a/clients/client-lambda/src/commands/index.ts +++ b/clients/client-lambda/src/commands/index.ts @@ -16,6 +16,7 @@ export * from "./DeleteFunctionEventInvokeConfigCommand"; export * from "./DeleteFunctionUrlConfigCommand"; export * from "./DeleteLayerVersionCommand"; export * from "./DeleteProvisionedConcurrencyConfigCommand"; +export * from "./DeleteResourcePolicyCommand"; export * from "./GetAccountSettingsCommand"; export * from "./GetAliasCommand"; export * from "./GetCodeSigningConfigCommand"; @@ -32,6 +33,8 @@ export * from "./GetLayerVersionCommand"; export * from "./GetLayerVersionPolicyCommand"; export * from "./GetPolicyCommand"; export * from "./GetProvisionedConcurrencyConfigCommand"; +export * from "./GetPublicAccessBlockConfigCommand"; +export * from "./GetResourcePolicyCommand"; export * from "./GetRuntimeManagementConfigCommand"; export * from "./InvokeAsyncCommand"; export * from "./InvokeCommand"; @@ -55,6 +58,8 @@ export * from "./PutFunctionConcurrencyCommand"; export * from "./PutFunctionEventInvokeConfigCommand"; export * from "./PutFunctionRecursionConfigCommand"; export * from "./PutProvisionedConcurrencyConfigCommand"; +export * from "./PutPublicAccessBlockConfigCommand"; +export * from "./PutResourcePolicyCommand"; export * from "./PutRuntimeManagementConfigCommand"; export * from "./RemoveLayerVersionPermissionCommand"; export * from "./RemovePermissionCommand"; diff --git a/clients/client-lambda/src/models/models_0.ts b/clients/client-lambda/src/models/models_0.ts index d28a45eb490c..ac39ab22c104 100644 --- a/clients/client-lambda/src/models/models_0.ts +++ b/clients/client-lambda/src/models/models_0.ts @@ -3176,6 +3176,25 @@ export interface DeleteProvisionedConcurrencyConfigRequest { Qualifier: string | undefined; } +/** + * @public + */ +export interface DeleteResourcePolicyRequest { + /** + *

The Amazon Resource Name (ARN) of the function you want to delete the policy from. You can use either a qualified or an unqualified ARN, + * but the value you specify must be a complete ARN and wildcard characters are not accepted.

+ * @public + */ + ResourceArn: string | undefined; + + /** + *

Delete the existing policy only if its revision ID matches the string you specify. To find the revision ID of the policy currently attached + * to your function, use the GetResourcePolicy action.

+ * @public + */ + RevisionId?: string; +} + /** * @public */ @@ -4080,6 +4099,78 @@ export class ProvisionedConcurrencyConfigNotFoundException extends __BaseExcepti } } +/** + * @public + */ +export interface GetPublicAccessBlockConfigRequest { + /** + *

The Amazon Resource Name (ARN) of the function you want to retrieve public-access settings for.

+ * @public + */ + ResourceArn: string | undefined; +} + +/** + *

An object that defines the public-access settings for a function.

+ * @public + */ +export interface PublicAccessBlockConfig { + /** + *

To block the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy + * to true. To allow the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy + * to false.

+ * @public + */ + BlockPublicPolicy?: boolean; + + /** + *

To block public access to your function, even if its resource-based policy allows it, set RestrictPublicResource to true. To + * allow public access to a function with a resource-based policy that permits it, set RestrictPublicResource to false.

+ * @public + */ + RestrictPublicResource?: boolean; +} + +/** + * @public + */ +export interface GetPublicAccessBlockConfigResponse { + /** + *

The public-access settings configured for the function you specified

+ * @public + */ + PublicAccessBlockConfig?: PublicAccessBlockConfig; +} + +/** + * @public + */ +export interface GetResourcePolicyRequest { + /** + *

The Amazon Resource Name (ARN) of the function you want to retrieve the policy for. You can use either a qualified or an unqualified ARN, + * but the value you specify must be a complete ARN and wildcard characters are not accepted.

+ * @public + */ + ResourceArn: string | undefined; +} + +/** + * @public + */ +export interface GetResourcePolicyResponse { + /** + *

The resource-based policy attached to the function you specified.

+ * @public + */ + Policy?: string; + + /** + *

The revision ID of the policy.

+ * @public + */ + RevisionId?: string; +} + /** * @public */ @@ -6591,6 +6682,117 @@ export interface PutProvisionedConcurrencyConfigResponse { LastModified?: string; } +/** + * @public + */ +export interface PutPublicAccessBlockConfigRequest { + /** + *

The Amazon Resource Name (ARN) of the function you want to configure public-access settings for. Public-access settings + * are applied at the function level, so you can't apply different settings to function versions or aliases.

+ * @public + */ + ResourceArn: string | undefined; + + /** + *

An object defining the public-access settings you want to apply.

+ *

To block the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy + * to true. To allow the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy + * to false.

+ *

To block public access to your function, even if its resource-based policy allows it, set RestrictPublicResource to true. To + * allow public access to a function with a resource-based policy that permits it, set RestrictPublicResource to false.

+ *

The default setting for both BlockPublicPolicy and RestrictPublicResource is true.

+ * @public + */ + PublicAccessBlockConfig: PublicAccessBlockConfig | undefined; +} + +/** + * @public + */ +export interface PutPublicAccessBlockConfigResponse { + /** + *

The public-access settings Lambda applied to your function.

+ * @public + */ + PublicAccessBlockConfig?: PublicAccessBlockConfig; +} + +/** + *

Lambda prevented your policy from being created because it would grant public access to your function. If you intended to + * create a public policy, use the PutPublicAccessBlockConfig API action to configure your function's public-access settings + * to allow public policies.

+ * @public + */ +export class PublicPolicyException extends __BaseException { + readonly name: "PublicPolicyException" = "PublicPolicyException"; + readonly $fault: "client" = "client"; + /** + *

The exception type.

+ * @public + */ + Type?: string; + + Message?: string; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "PublicPolicyException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, PublicPolicyException.prototype); + this.Type = opts.Type; + this.Message = opts.Message; + } +} + +/** + * @public + */ +export interface PutResourcePolicyRequest { + /** + *

The Amazon Resource Name (ARN) of the function you want to add the policy to. You can use either a qualified or an unqualified ARN, + * but the value you specify must be a complete ARN and wildcard characters are not accepted.

+ * @public + */ + ResourceArn: string | undefined; + + /** + *

The JSON resource-based policy you want to add to your function.

+ *

To learn more about creating resource-based policies for controlling access to + * Lambda, see Working with resource-based IAM policies in Lambda in the + * Lambda Developer Guide.

+ * @public + */ + Policy: string | undefined; + + /** + *

Replace the existing policy only if its revision ID matches the string you specify. To find the revision ID of the policy currently attached + * to your function, use the GetResourcePolicy action.

+ * @public + */ + RevisionId?: string; +} + +/** + * @public + */ +export interface PutResourcePolicyResponse { + /** + *

The policy Lambda added to your function.

+ * @public + */ + Policy?: string; + + /** + *

The revision ID of the policy Lambda added to your function.

+ * @public + */ + RevisionId?: string; +} + /** * @public */ diff --git a/clients/client-lambda/src/protocols/Aws_restJson1.ts b/clients/client-lambda/src/protocols/Aws_restJson1.ts index 660509819981..ac50673fceaf 100644 --- a/clients/client-lambda/src/protocols/Aws_restJson1.ts +++ b/clients/client-lambda/src/protocols/Aws_restJson1.ts @@ -79,6 +79,10 @@ import { DeleteProvisionedConcurrencyConfigCommandInput, DeleteProvisionedConcurrencyConfigCommandOutput, } from "../commands/DeleteProvisionedConcurrencyConfigCommand"; +import { + DeleteResourcePolicyCommandInput, + DeleteResourcePolicyCommandOutput, +} from "../commands/DeleteResourcePolicyCommand"; import { GetAccountSettingsCommandInput, GetAccountSettingsCommandOutput } from "../commands/GetAccountSettingsCommand"; import { GetAliasCommandInput, GetAliasCommandOutput } from "../commands/GetAliasCommand"; import { @@ -128,6 +132,11 @@ import { GetProvisionedConcurrencyConfigCommandInput, GetProvisionedConcurrencyConfigCommandOutput, } from "../commands/GetProvisionedConcurrencyConfigCommand"; +import { + GetPublicAccessBlockConfigCommandInput, + GetPublicAccessBlockConfigCommandOutput, +} from "../commands/GetPublicAccessBlockConfigCommand"; +import { GetResourcePolicyCommandInput, GetResourcePolicyCommandOutput } from "../commands/GetResourcePolicyCommand"; import { GetRuntimeManagementConfigCommandInput, GetRuntimeManagementConfigCommandOutput, @@ -196,6 +205,11 @@ import { PutProvisionedConcurrencyConfigCommandInput, PutProvisionedConcurrencyConfigCommandOutput, } from "../commands/PutProvisionedConcurrencyConfigCommand"; +import { + PutPublicAccessBlockConfigCommandInput, + PutPublicAccessBlockConfigCommandOutput, +} from "../commands/PutPublicAccessBlockConfigCommand"; +import { PutResourcePolicyCommandInput, PutResourcePolicyCommandOutput } from "../commands/PutResourcePolicyCommand"; import { PutRuntimeManagementConfigCommandInput, PutRuntimeManagementConfigCommandOutput, @@ -284,6 +298,8 @@ import { PolicyLengthExceededException, PreconditionFailedException, ProvisionedConcurrencyConfigNotFoundException, + PublicAccessBlockConfig, + PublicPolicyException, RecursiveInvocationException, RequestTooLargeException, ResourceConflictException, @@ -713,6 +729,25 @@ export const se_DeleteProvisionedConcurrencyConfigCommand = async ( return b.build(); }; +/** + * serializeAws_restJson1DeleteResourcePolicyCommand + */ +export const se_DeleteResourcePolicyCommand = async ( + input: DeleteResourcePolicyCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const b = rb(input, context); + const headers: any = {}; + b.bp("/2024-09-16/resource-policy/{ResourceArn}"); + b.p("ResourceArn", () => input.ResourceArn!, "{ResourceArn}", false); + const query: any = map({ + [_RI]: [, input[_RI]!], + }); + let body: any; + b.m("DELETE").h(headers).q(query).b(body); + return b.build(); +}; + /** * serializeAws_restJson1GetAccountSettingsCommand */ @@ -992,6 +1027,38 @@ export const se_GetProvisionedConcurrencyConfigCommand = async ( return b.build(); }; +/** + * serializeAws_restJson1GetPublicAccessBlockConfigCommand + */ +export const se_GetPublicAccessBlockConfigCommand = async ( + input: GetPublicAccessBlockConfigCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const b = rb(input, context); + const headers: any = {}; + b.bp("/2024-09-16/public-access-block/{ResourceArn}"); + b.p("ResourceArn", () => input.ResourceArn!, "{ResourceArn}", false); + let body: any; + b.m("GET").h(headers).b(body); + return b.build(); +}; + +/** + * serializeAws_restJson1GetResourcePolicyCommand + */ +export const se_GetResourcePolicyCommand = async ( + input: GetResourcePolicyCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const b = rb(input, context); + const headers: any = {}; + b.bp("/2024-09-16/resource-policy/{ResourceArn}"); + b.p("ResourceArn", () => input.ResourceArn!, "{ResourceArn}", false); + let body: any; + b.m("GET").h(headers).b(body); + return b.build(); +}; + /** * serializeAws_restJson1GetRuntimeManagementConfigCommand */ @@ -1500,6 +1567,53 @@ export const se_PutProvisionedConcurrencyConfigCommand = async ( return b.build(); }; +/** + * serializeAws_restJson1PutPublicAccessBlockConfigCommand + */ +export const se_PutPublicAccessBlockConfigCommand = async ( + input: PutPublicAccessBlockConfigCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const b = rb(input, context); + const headers: any = { + "content-type": "application/json", + }; + b.bp("/2024-09-16/public-access-block/{ResourceArn}"); + b.p("ResourceArn", () => input.ResourceArn!, "{ResourceArn}", false); + let body: any; + body = JSON.stringify( + take(input, { + PublicAccessBlockConfig: (_) => _json(_), + }) + ); + b.m("PUT").h(headers).b(body); + return b.build(); +}; + +/** + * serializeAws_restJson1PutResourcePolicyCommand + */ +export const se_PutResourcePolicyCommand = async ( + input: PutResourcePolicyCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const b = rb(input, context); + const headers: any = { + "content-type": "application/json", + }; + b.bp("/2024-09-16/resource-policy/{ResourceArn}"); + b.p("ResourceArn", () => input.ResourceArn!, "{ResourceArn}", false); + let body: any; + body = JSON.stringify( + take(input, { + Policy: [], + RevisionId: [], + }) + ); + b.m("PUT").h(headers).b(body); + return b.build(); +}; + /** * serializeAws_restJson1PutRuntimeManagementConfigCommand */ @@ -2254,6 +2368,23 @@ export const de_DeleteProvisionedConcurrencyConfigCommand = async ( return contents; }; +/** + * deserializeAws_restJson1DeleteResourcePolicyCommand + */ +export const de_DeleteResourcePolicyCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode !== 204 && output.statusCode >= 300) { + return de_CommandError(output, context); + } + const contents: any = map({ + $metadata: deserializeMetadata(output), + }); + await collectBody(output.body, context); + return contents; +}; + /** * deserializeAws_restJson1GetAccountSettingsCommand */ @@ -2696,6 +2827,49 @@ export const de_GetProvisionedConcurrencyConfigCommand = async ( return contents; }; +/** + * deserializeAws_restJson1GetPublicAccessBlockConfigCommand + */ +export const de_GetPublicAccessBlockConfigCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_CommandError(output, context); + } + const contents: any = map({ + $metadata: deserializeMetadata(output), + }); + const data: Record = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body"); + const doc = take(data, { + PublicAccessBlockConfig: _json, + }); + Object.assign(contents, doc); + return contents; +}; + +/** + * deserializeAws_restJson1GetResourcePolicyCommand + */ +export const de_GetResourcePolicyCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_CommandError(output, context); + } + const contents: any = map({ + $metadata: deserializeMetadata(output), + }); + const data: Record = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body"); + const doc = take(data, { + Policy: __expectString, + RevisionId: __expectString, + }); + Object.assign(contents, doc); + return contents; +}; + /** * deserializeAws_restJson1GetRuntimeManagementConfigCommand */ @@ -3249,6 +3423,49 @@ export const de_PutProvisionedConcurrencyConfigCommand = async ( return contents; }; +/** + * deserializeAws_restJson1PutPublicAccessBlockConfigCommand + */ +export const de_PutPublicAccessBlockConfigCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_CommandError(output, context); + } + const contents: any = map({ + $metadata: deserializeMetadata(output), + }); + const data: Record = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body"); + const doc = take(data, { + PublicAccessBlockConfig: _json, + }); + Object.assign(contents, doc); + return contents; +}; + +/** + * deserializeAws_restJson1PutResourcePolicyCommand + */ +export const de_PutResourcePolicyCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_CommandError(output, context); + } + const contents: any = map({ + $metadata: deserializeMetadata(output), + }); + const data: Record = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body"); + const doc = take(data, { + Policy: __expectString, + RevisionId: __expectString, + }); + Object.assign(contents, doc); + return contents; +}; + /** * deserializeAws_restJson1PutRuntimeManagementConfigCommand */ @@ -3724,6 +3941,9 @@ const de_CommandError = async (output: __HttpResponse, context: __SerdeContext): case "UnsupportedMediaTypeException": case "com.amazonaws.lambda#UnsupportedMediaTypeException": throw await de_UnsupportedMediaTypeExceptionRes(parsedOutput, context); + case "PublicPolicyException": + case "com.amazonaws.lambda#PublicPolicyException": + throw await de_PublicPolicyExceptionRes(parsedOutput, context); default: const parsedBody = parsedOutput.body; return throwDefaultError({ @@ -4258,6 +4478,27 @@ const de_ProvisionedConcurrencyConfigNotFoundExceptionRes = async ( return __decorateServiceException(exception, parsedOutput.body); }; +/** + * deserializeAws_restJson1PublicPolicyExceptionRes + */ +const de_PublicPolicyExceptionRes = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const contents: any = map({}); + const data: any = parsedOutput.body; + const doc = take(data, { + Message: __expectString, + Type: __expectString, + }); + Object.assign(contents, doc); + const exception = new PublicPolicyException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents, + }); + return __decorateServiceException(exception, parsedOutput.body); +}; + /** * deserializeAws_restJson1RecursiveInvocationExceptionRes */ @@ -4671,6 +4912,8 @@ const se_LayerVersionContentInput = (input: LayerVersionContentInput, context: _ // se_OnSuccess omitted. +// se_PublicAccessBlockConfig omitted. + // se_Queues omitted. // se_ScalingConfig omitted. @@ -4929,6 +5172,8 @@ const de_FunctionEventInvokeConfigList = (output: any, context: __SerdeContext): // de_ProvisionedConcurrencyConfigListItem omitted. +// de_PublicAccessBlockConfig omitted. + // de_Queues omitted. // de_RuntimeVersionConfig omitted. diff --git a/codegen/sdk-codegen/aws-models/lambda.json b/codegen/sdk-codegen/aws-models/lambda.json index c0288cab588b..c73cd56e49bd 100644 --- a/codegen/sdk-codegen/aws-models/lambda.json +++ b/codegen/sdk-codegen/aws-models/lambda.json @@ -84,6 +84,9 @@ { "target": "com.amazonaws.lambda#DeleteProvisionedConcurrencyConfig" }, + { + "target": "com.amazonaws.lambda#DeleteResourcePolicy" + }, { "target": "com.amazonaws.lambda#GetAccountSettings" }, @@ -132,6 +135,12 @@ { "target": "com.amazonaws.lambda#GetProvisionedConcurrencyConfig" }, + { + "target": "com.amazonaws.lambda#GetPublicAccessBlockConfig" + }, + { + "target": "com.amazonaws.lambda#GetResourcePolicy" + }, { "target": "com.amazonaws.lambda#GetRuntimeManagementConfig" }, @@ -201,6 +210,12 @@ { "target": "com.amazonaws.lambda#PutProvisionedConcurrencyConfig" }, + { + "target": "com.amazonaws.lambda#PutPublicAccessBlockConfig" + }, + { + "target": "com.amazonaws.lambda#PutResourcePolicy" + }, { "target": "com.amazonaws.lambda#PutRuntimeManagementConfig" }, @@ -3576,6 +3591,66 @@ "smithy.api#input": {} } }, + "com.amazonaws.lambda#DeleteResourcePolicy": { + "type": "operation", + "input": { + "target": "com.amazonaws.lambda#DeleteResourcePolicyRequest" + }, + "output": { + "target": "smithy.api#Unit" + }, + "errors": [ + { + "target": "com.amazonaws.lambda#InvalidParameterValueException" + }, + { + "target": "com.amazonaws.lambda#PreconditionFailedException" + }, + { + "target": "com.amazonaws.lambda#ResourceConflictException" + }, + { + "target": "com.amazonaws.lambda#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.lambda#ServiceException" + }, + { + "target": "com.amazonaws.lambda#TooManyRequestsException" + } + ], + "traits": { + "smithy.api#documentation": "

Deletes a resource-based policy from a function.

", + "smithy.api#http": { + "method": "DELETE", + "uri": "/2024-09-16/resource-policy/{ResourceArn}", + "code": 204 + } + } + }, + "com.amazonaws.lambda#DeleteResourcePolicyRequest": { + "type": "structure", + "members": { + "ResourceArn": { + "target": "com.amazonaws.lambda#PolicyResourceArn", + "traits": { + "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the function you want to delete the policy from. You can use either a qualified or an unqualified ARN, \n but the value you specify must be a complete ARN and wildcard characters are not accepted.

", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "RevisionId": { + "target": "com.amazonaws.lambda#RevisionId", + "traits": { + "smithy.api#documentation": "

Delete the existing policy only if its revision ID matches the string you specify. To find the revision ID of the policy currently attached \n to your function, use the GetResourcePolicy action.

", + "smithy.api#httpQuery": "RevisionId" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, "com.amazonaws.lambda#Description": { "type": "string", "traits": { @@ -6100,6 +6175,134 @@ "smithy.api#output": {} } }, + "com.amazonaws.lambda#GetPublicAccessBlockConfig": { + "type": "operation", + "input": { + "target": "com.amazonaws.lambda#GetPublicAccessBlockConfigRequest" + }, + "output": { + "target": "com.amazonaws.lambda#GetPublicAccessBlockConfigResponse" + }, + "errors": [ + { + "target": "com.amazonaws.lambda#InvalidParameterValueException" + }, + { + "target": "com.amazonaws.lambda#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.lambda#ServiceException" + }, + { + "target": "com.amazonaws.lambda#TooManyRequestsException" + } + ], + "traits": { + "smithy.api#documentation": "

Retrieve the public-access settings for a function.

", + "smithy.api#http": { + "method": "GET", + "uri": "/2024-09-16/public-access-block/{ResourceArn}", + "code": 200 + } + } + }, + "com.amazonaws.lambda#GetPublicAccessBlockConfigRequest": { + "type": "structure", + "members": { + "ResourceArn": { + "target": "com.amazonaws.lambda#PublicAccessBlockResourceArn", + "traits": { + "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the function you want to retrieve public-access settings for.

", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.lambda#GetPublicAccessBlockConfigResponse": { + "type": "structure", + "members": { + "PublicAccessBlockConfig": { + "target": "com.amazonaws.lambda#PublicAccessBlockConfig", + "traits": { + "smithy.api#documentation": "

The public-access settings configured for the function you specified

" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.lambda#GetResourcePolicy": { + "type": "operation", + "input": { + "target": "com.amazonaws.lambda#GetResourcePolicyRequest" + }, + "output": { + "target": "com.amazonaws.lambda#GetResourcePolicyResponse" + }, + "errors": [ + { + "target": "com.amazonaws.lambda#InvalidParameterValueException" + }, + { + "target": "com.amazonaws.lambda#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.lambda#ServiceException" + }, + { + "target": "com.amazonaws.lambda#TooManyRequestsException" + } + ], + "traits": { + "smithy.api#documentation": "

Retrieves the resource-based policy attached to a function.

", + "smithy.api#http": { + "method": "GET", + "uri": "/2024-09-16/resource-policy/{ResourceArn}", + "code": 200 + } + } + }, + "com.amazonaws.lambda#GetResourcePolicyRequest": { + "type": "structure", + "members": { + "ResourceArn": { + "target": "com.amazonaws.lambda#PolicyResourceArn", + "traits": { + "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the function you want to retrieve the policy for. You can use either a qualified or an unqualified ARN, \n but the value you specify must be a complete ARN and wildcard characters are not accepted.

", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.lambda#GetResourcePolicyResponse": { + "type": "structure", + "members": { + "Policy": { + "target": "com.amazonaws.lambda#ResourcePolicy", + "traits": { + "smithy.api#documentation": "

The resource-based policy attached to the function you specified.

" + } + }, + "RevisionId": { + "target": "com.amazonaws.lambda#RevisionId", + "traits": { + "smithy.api#documentation": "

The revision ID of the policy.

" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.lambda#GetRuntimeManagementConfig": { "type": "operation", "input": { @@ -8886,6 +9089,16 @@ "smithy.api#httpError": 400 } }, + "com.amazonaws.lambda#PolicyResourceArn": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 0, + "max": 256 + }, + "smithy.api#pattern": "^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_]+(:(\\$LATEST|[a-zA-Z0-9-_])+)?$" + } + }, "com.amazonaws.lambda#PositiveInteger": { "type": "integer", "traits": { @@ -9027,6 +9240,55 @@ } } }, + "com.amazonaws.lambda#PublicAccessBlockConfig": { + "type": "structure", + "members": { + "BlockPublicPolicy": { + "target": "com.amazonaws.lambda#NullableBoolean", + "traits": { + "smithy.api#documentation": "

To block the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy \n to true. To allow the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy \n to false.

" + } + }, + "RestrictPublicResource": { + "target": "com.amazonaws.lambda#NullableBoolean", + "traits": { + "smithy.api#documentation": "

To block public access to your function, even if its resource-based policy allows it, set RestrictPublicResource to true. To \n allow public access to a function with a resource-based policy that permits it, set RestrictPublicResource to false.

" + } + } + }, + "traits": { + "smithy.api#documentation": "

An object that defines the public-access settings for a function.

" + } + }, + "com.amazonaws.lambda#PublicAccessBlockResourceArn": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 0, + "max": 170 + }, + "smithy.api#pattern": "^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_]+$" + } + }, + "com.amazonaws.lambda#PublicPolicyException": { + "type": "structure", + "members": { + "Type": { + "target": "com.amazonaws.lambda#String", + "traits": { + "smithy.api#documentation": "

The exception type.

" + } + }, + "Message": { + "target": "com.amazonaws.lambda#String" + } + }, + "traits": { + "smithy.api#documentation": "

Lambda prevented your policy from being created because it would grant public access to your function. If you intended to \n create a public policy, use the PutPublicAccessBlockConfig API action to configure your function's public-access settings \n to allow public policies.

", + "smithy.api#error": "client", + "smithy.api#httpError": 400 + } + }, "com.amazonaws.lambda#PublishLayerVersion": { "type": "operation", "input": { @@ -9639,6 +9901,169 @@ "smithy.api#output": {} } }, + "com.amazonaws.lambda#PutPublicAccessBlockConfig": { + "type": "operation", + "input": { + "target": "com.amazonaws.lambda#PutPublicAccessBlockConfigRequest" + }, + "output": { + "target": "com.amazonaws.lambda#PutPublicAccessBlockConfigResponse" + }, + "errors": [ + { + "target": "com.amazonaws.lambda#InvalidParameterValueException" + }, + { + "target": "com.amazonaws.lambda#ResourceConflictException" + }, + { + "target": "com.amazonaws.lambda#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.lambda#ServiceException" + }, + { + "target": "com.amazonaws.lambda#TooManyRequestsException" + } + ], + "traits": { + "smithy.api#documentation": "

Configure your function's public-access settings.

\n

To control public access to a Lambda function, you can choose whether to allow the creation of \n resource-based policies that \n allow public access to that function. You can also block public access to a function, even if it has an existing resource-based \n policy that allows it.

", + "smithy.api#http": { + "method": "PUT", + "uri": "/2024-09-16/public-access-block/{ResourceArn}", + "code": 200 + } + } + }, + "com.amazonaws.lambda#PutPublicAccessBlockConfigRequest": { + "type": "structure", + "members": { + "ResourceArn": { + "target": "com.amazonaws.lambda#PublicAccessBlockResourceArn", + "traits": { + "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the function you want to configure public-access settings for. Public-access settings \n are applied at the function level, so you can't apply different settings to function versions or aliases.

", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "PublicAccessBlockConfig": { + "target": "com.amazonaws.lambda#PublicAccessBlockConfig", + "traits": { + "smithy.api#documentation": "

An object defining the public-access settings you want to apply.

\n

To block the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy \n to true. To allow the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy \n to false.

\n

To block public access to your function, even if its resource-based policy allows it, set RestrictPublicResource to true. To \n allow public access to a function with a resource-based policy that permits it, set RestrictPublicResource to false.

\n

The default setting for both BlockPublicPolicy and RestrictPublicResource is true.

", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.lambda#PutPublicAccessBlockConfigResponse": { + "type": "structure", + "members": { + "PublicAccessBlockConfig": { + "target": "com.amazonaws.lambda#PublicAccessBlockConfig", + "traits": { + "smithy.api#documentation": "

The public-access settings Lambda applied to your function.

" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.lambda#PutResourcePolicy": { + "type": "operation", + "input": { + "target": "com.amazonaws.lambda#PutResourcePolicyRequest" + }, + "output": { + "target": "com.amazonaws.lambda#PutResourcePolicyResponse" + }, + "errors": [ + { + "target": "com.amazonaws.lambda#InvalidParameterValueException" + }, + { + "target": "com.amazonaws.lambda#PolicyLengthExceededException" + }, + { + "target": "com.amazonaws.lambda#PreconditionFailedException" + }, + { + "target": "com.amazonaws.lambda#PublicPolicyException" + }, + { + "target": "com.amazonaws.lambda#ResourceConflictException" + }, + { + "target": "com.amazonaws.lambda#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.lambda#ServiceException" + }, + { + "target": "com.amazonaws.lambda#TooManyRequestsException" + } + ], + "traits": { + "smithy.api#documentation": "

Adds a resource-based policy \n to a function. You can use resource-based policies to grant access to other \n Amazon Web Services accounts, \n organizations, or \n services. Resource-based policies \n apply to a single function, version, or alias.

\n \n

Adding a resource-based policy using this API action replaces any existing policy you've previously created. This means that if \n you've previously added resource-based permissions to a function using the AddPermission action, those \n permissions will be overwritten by your new policy.

\n ", + "smithy.api#http": { + "method": "PUT", + "uri": "/2024-09-16/resource-policy/{ResourceArn}", + "code": 200 + } + } + }, + "com.amazonaws.lambda#PutResourcePolicyRequest": { + "type": "structure", + "members": { + "ResourceArn": { + "target": "com.amazonaws.lambda#PolicyResourceArn", + "traits": { + "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the function you want to add the policy to. You can use either a qualified or an unqualified ARN, \n but the value you specify must be a complete ARN and wildcard characters are not accepted.

", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "Policy": { + "target": "com.amazonaws.lambda#ResourcePolicy", + "traits": { + "smithy.api#documentation": "

The JSON resource-based policy you want to add to your function.

\n

To learn more about creating resource-based policies for controlling access to \n Lambda, see Working with resource-based IAM policies in Lambda in the \n Lambda Developer Guide.

", + "smithy.api#required": {} + } + }, + "RevisionId": { + "target": "com.amazonaws.lambda#RevisionId", + "traits": { + "smithy.api#documentation": "

Replace the existing policy only if its revision ID matches the string you specify. To find the revision ID of the policy currently attached \n to your function, use the GetResourcePolicy action.

" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.lambda#PutResourcePolicyResponse": { + "type": "structure", + "members": { + "Policy": { + "target": "com.amazonaws.lambda#ResourcePolicy", + "traits": { + "smithy.api#documentation": "

The policy Lambda added to your function.

" + } + }, + "RevisionId": { + "target": "com.amazonaws.lambda#RevisionId", + "traits": { + "smithy.api#documentation": "

The revision ID of the policy Lambda added to your function.

" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.lambda#PutRuntimeManagementConfig": { "type": "operation", "input": { @@ -10060,6 +10485,16 @@ "smithy.api#httpError": 502 } }, + "com.amazonaws.lambda#ResourcePolicy": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 20480 + }, + "smithy.api#pattern": "^[\\s\\S]+$" + } + }, "com.amazonaws.lambda#ResponseStreamingInvocationType": { "type": "enum", "members": { @@ -10077,6 +10512,16 @@ } } }, + "com.amazonaws.lambda#RevisionId": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 36, + "max": 36 + }, + "smithy.api#pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" + } + }, "com.amazonaws.lambda#RoleArn": { "type": "string", "traits": {