feat(client-lambda): Tagging support for Lambda event source mapping,…

… and code signing configuration resources.

clients/client-lambda/src/commands/AddPermissionCommand.ts

@@ -28,7 +28,7 @@ export interface AddPermissionCommandInput extends AddPermissionRequest {}
 export interface AddPermissionCommandOutput extends AddPermissionResponse, __MetadataBearer {}
 
 /**
- * <p>Grants an Amazon Web Servicesservice, Amazon Web Services account, or Amazon Web Services organization
+ * <p>Grants a <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#Principal_specifying">principal</a>
  *       permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict
  *       access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name
  *       (ARN) of that version or alias to invoke the function. Note: Lambda does not support adding policies
@@ -93,6 +93,11 @@ export interface AddPermissionCommandOutput extends AddPermissionResponse, __Met
  *             </li>
  *          </ul>
  *
+ * @throws {@link PublicPolicyException} (client fault)
+ *  <p>Lambda prevented your policy from being created because it would grant public access to your function. If you intended to
+ *       create a public policy, use the <a>PutPublicAccessBlockConfig</a> API action to configure your function's public-access settings
+ *       to allow public policies.</p>
+ *
  * @throws {@link ResourceConflictException} (client fault)
  *  <p>The resource already exists, or another operation is in progress.</p>
  *

clients/client-lambda/src/commands/CreateCodeSigningConfigCommand.ts

@@ -47,6 +47,9 @@ export interface CreateCodeSigningConfigCommandOutput extends CreateCodeSigningC
  *   CodeSigningPolicies: { // CodeSigningPolicies
  *     UntrustedArtifactOnDeployment: "Warn" || "Enforce",
  *   },
+ *   Tags: { // Tags
+ *     "<keys>": "STRING_VALUE",
+ *   },
  * };
  * const command = new CreateCodeSigningConfigCommand(input);
  * const response = await client.send(command);

clients/client-lambda/src/commands/CreateEventSourceMappingCommand.ts

@@ -175,6 +175,9 @@ export interface CreateEventSourceMappingCommandOutput extends EventSourceMappin
  *   MaximumRecordAgeInSeconds: Number("int"),
  *   BisectBatchOnFunctionError: true || false,
  *   MaximumRetryAttempts: Number("int"),
+ *   Tags: { // Tags
+ *     "<keys>": "STRING_VALUE",
+ *   },
  *   TumblingWindowInSeconds: Number("int"),
  *   Topics: [ // Topics
  *     "STRING_VALUE",
@@ -289,6 +292,7 @@ export interface CreateEventSourceMappingCommandOutput extends EventSourceMappin
  * //     ErrorCode: "STRING_VALUE",
  * //     Message: "STRING_VALUE",
  * //   },
+ * //   EventSourceMappingArn: "STRING_VALUE",
  * // };
  *
  * ```

clients/client-lambda/src/commands/DeleteEventSourceMappingCommand.ts

@@ -116,6 +116,7 @@ export interface DeleteEventSourceMappingCommandOutput extends EventSourceMappin
  * //     ErrorCode: "STRING_VALUE",
  * //     Message: "STRING_VALUE",
  * //   },
+ * //   EventSourceMappingArn: "STRING_VALUE",
  * // };
  *
  * ```

clients/client-lambda/src/commands/DeleteResourcePolicyCommand.ts

@@ -28,7 +28,11 @@ export interface DeleteResourcePolicyCommandInput extends DeleteResourcePolicyRe
 export interface DeleteResourcePolicyCommandOutput extends __MetadataBearer {}
 
 /**
- * <p>Deletes a <a href="https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html">resource-based policy</a> from a function.</p>
+ * <note>
+ *             <p>The option to create and modify full JSON resource-based policies, and to use the PutResourcePolicy, GetResourcePolicy, and DeleteResourcePolicy APIs, won't be
+ *       available in all Amazon Web Services Regions until September 30, 2024.</p>
+ *          </note>
+ *          <p>Deletes a <a href="https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html">resource-based policy</a> from a function.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-lambda/src/commands/GetEventSourceMappingCommand.ts

@@ -114,6 +114,7 @@ export interface GetEventSourceMappingCommandOutput extends EventSourceMappingCo
  * //     ErrorCode: "STRING_VALUE",
  * //     Message: "STRING_VALUE",
  * //   },
+ * //   EventSourceMappingArn: "STRING_VALUE",
  * // };
  *
  * ```

clients/client-lambda/src/commands/GetPublicAccessBlockConfigCommand.ts

@@ -28,7 +28,11 @@ export interface GetPublicAccessBlockConfigCommandInput extends GetPublicAccessB
 export interface GetPublicAccessBlockConfigCommandOutput extends GetPublicAccessBlockConfigResponse, __MetadataBearer {}
 
 /**
- * <p>Retrieve the public-access settings for a function.</p>
+ * <note>
+ *             <p>The option to configure public-access settings, and to use the PutPublicAccessBlock and GetPublicAccessBlock APIs, won't be
+ *       available in all Amazon Web Services Regions until September 30, 2024.</p>
+ *          </note>
+ *          <p>Retrieve the public-access settings for a function.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-lambda/src/commands/GetResourcePolicyCommand.ts

@@ -28,7 +28,11 @@ export interface GetResourcePolicyCommandInput extends GetResourcePolicyRequest
 export interface GetResourcePolicyCommandOutput extends GetResourcePolicyResponse, __MetadataBearer {}
 
 /**
- * <p>Retrieves the <a href="https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html">resource-based policy</a> attached to a function.</p>
+ * <note>
+ *             <p>The option to create and modify full JSON resource-based policies, and to use the PutResourcePolicy, GetResourcePolicy, and DeleteResourcePolicy APIs, won't be
+ *       available in all Amazon Web Services Regions until September 30, 2024.</p>
+ *          </note>
+ *          <p>Retrieves the <a href="https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html">resource-based policy</a> attached to a function.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-lambda/src/commands/ListEventSourceMappingsCommand.ts

@@ -120,6 +120,7 @@ export interface ListEventSourceMappingsCommandOutput extends ListEventSourceMap
  * //         ErrorCode: "STRING_VALUE",
  * //         Message: "STRING_VALUE",
  * //       },
+ * //       EventSourceMappingArn: "STRING_VALUE",
  * //     },
  * //   ],
  * // };

clients/client-lambda/src/commands/ListTagsCommand.ts

@@ -28,8 +28,8 @@ export interface ListTagsCommandInput extends ListTagsRequest {}
 export interface ListTagsCommandOutput extends ListTagsResponse, __MetadataBearer {}
 
 /**
- * <p>Returns a function's <a href="https://docs.aws.amazon.com/lambda/latest/dg/tagging.html">tags</a>. You can
- *       also view tags with <a>GetFunction</a>.</p>
+ * <p>Returns a function, event source mapping, or code signing configuration's <a href="https://docs.aws.amazon.com/lambda/latest/dg/tagging.html">tags</a>. You can
+ *       also view funciton tags with <a>GetFunction</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-lambda/src/commands/PutPublicAccessBlockConfigCommand.ts

@@ -28,7 +28,11 @@ export interface PutPublicAccessBlockConfigCommandInput extends PutPublicAccessB
 export interface PutPublicAccessBlockConfigCommandOutput extends PutPublicAccessBlockConfigResponse, __MetadataBearer {}
 
 /**
- * <p>Configure your function's public-access settings.</p>
+ * <note>
+ *             <p>The option to configure public-access settings, and to use the PutPublicAccessBlock and GetPublicAccessBlock APIs, won't be
+ *       available in all Amazon Web Services Regions until September 30, 2024.</p>
+ *          </note>
+ *          <p>Configure your function's public-access settings.</p>
  *          <p>To control public access to a Lambda function, you can choose whether to allow the creation of
  *       <a href="https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html">resource-based policies</a> that
  *       allow public access to that function. You can also block public access to a function, even if it has an existing resource-based

clients/client-lambda/src/commands/PutResourcePolicyCommand.ts

@@ -28,7 +28,11 @@ export interface PutResourcePolicyCommandInput extends PutResourcePolicyRequest
 export interface PutResourcePolicyCommandOutput extends PutResourcePolicyResponse, __MetadataBearer {}
 
 /**
- * <p>Adds a <a href="https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html">resource-based policy</a>
+ * <note>
+ *             <p>The option to create and modify full JSON resource-based policies, and to use the PutResourcePolicy, GetResourcePolicy, and DeleteResourcePolicy APIs, won't be
+ *       available in all Amazon Web Services Regions until September 30, 2024.</p>
+ *          </note>
+ *          <p>Adds a <a href="https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html">resource-based policy</a>
  *       to a function. You can use resource-based policies to grant access to other
  *       <a href="https://docs.aws.amazon.com/lambda/latest/dg/permissions-function-cross-account.html">Amazon Web Services accounts</a>,
  *       <a href="https://docs.aws.amazon.com/lambda/latest/dg/permissions-function-organization.html">organizations</a>, or

clients/client-lambda/src/commands/RemovePermissionCommand.ts

@@ -70,6 +70,11 @@ export interface RemovePermissionCommandOutput extends __MetadataBearer {}
  *             </li>
  *          </ul>
  *
+ * @throws {@link PublicPolicyException} (client fault)
+ *  <p>Lambda prevented your policy from being created because it would grant public access to your function. If you intended to
+ *       create a public policy, use the <a>PutPublicAccessBlockConfig</a> API action to configure your function's public-access settings
+ *       to allow public policies.</p>
+ *
  * @throws {@link ResourceNotFoundException} (client fault)
  *  <p>The resource specified in the request does not exist.</p>
  *

clients/client-lambda/src/commands/TagResourceCommand.ts

@@ -28,7 +28,7 @@ export interface TagResourceCommandInput extends TagResourceRequest {}
 export interface TagResourceCommandOutput extends __MetadataBearer {}
 
 /**
- * <p>Adds <a href="https://docs.aws.amazon.com/lambda/latest/dg/tagging.html">tags</a> to a function.</p>
+ * <p>Adds <a href="https://docs.aws.amazon.com/lambda/latest/dg/tagging.html">tags</a> to a function, event source mapping, or code signing configuration.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-lambda/src/commands/UntagResourceCommand.ts

@@ -28,7 +28,7 @@ export interface UntagResourceCommandInput extends UntagResourceRequest {}
 export interface UntagResourceCommandOutput extends __MetadataBearer {}
 
 /**
- * <p>Removes <a href="https://docs.aws.amazon.com/lambda/latest/dg/tagging.html">tags</a> from a function.</p>
+ * <p>Removes <a href="https://docs.aws.amazon.com/lambda/latest/dg/tagging.html">tags</a> from a function, event source mapping, or code signing configuration.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-lambda/src/commands/UpdateEventSourceMappingCommand.ts

@@ -269,6 +269,7 @@ export interface UpdateEventSourceMappingCommandOutput extends EventSourceMappin
  * //     ErrorCode: "STRING_VALUE",
  * //     Message: "STRING_VALUE",
  * //   },
+ * //   EventSourceMappingArn: "STRING_VALUE",
  * // };
  *
  * ```

clients/client-lambda/src/models/models_0.ts

@@ -397,7 +397,7 @@ export interface AddPermissionRequest {
   Action: string | undefined;
 
   /**
-   * <p>The Amazon Web Servicesservice or Amazon Web Services account that invokes the function. If you specify a
+   * <p>The Amazon Web Servicesservice, Amazon Web Services account, IAM user, or IAM role that invokes the function. If you specify a
    *       service, use <code>SourceArn</code> or <code>SourceAccount</code> to limit who can invoke the function through
    *       that service.</p>
    * @public
@@ -466,6 +466,37 @@ export interface AddPermissionResponse {
   Statement?: string;
 }
 
+/**
+ * <p>Lambda prevented your policy from being created because it would grant public access to your function. If you intended to
+ *       create a public policy, use the <a>PutPublicAccessBlockConfig</a> API action to configure your function's public-access settings
+ *       to allow public policies.</p>
+ * @public
+ */
+export class PublicPolicyException extends __BaseException {
+  readonly name: "PublicPolicyException" = "PublicPolicyException";
+  readonly $fault: "client" = "client";
+  /**
+   * <p>The exception type.</p>
+   * @public
+   */
+  Type?: string;
+
+  Message?: string;
+  /**
+   * @internal
+   */
+  constructor(opts: __ExceptionOptionType<PublicPolicyException, __BaseException>) {
+    super({
+      name: "PublicPolicyException",
+      $fault: "client",
+      ...opts,
+    });
+    Object.setPrototypeOf(this, PublicPolicyException.prototype);
+    this.Type = opts.Type;
+    this.Message = opts.Message;
+  }
+}
+
 /**
  * <p>The <a href="https://docs.aws.amazon.com/lambda/latest/dg/lambda-traffic-shifting-using-aliases.html">traffic-shifting</a> configuration of a Lambda function alias.</p>
  * @public
@@ -687,6 +718,12 @@ export interface CreateCodeSigningConfigRequest {
    * @public
    */
   CodeSigningPolicies?: CodeSigningPolicies;
+
+  /**
+   * <p>A list of tags to add to the code signing configuration.</p>
+   * @public
+   */
+  Tags?: Record<string, string>;
 }
 
 /**
@@ -1204,6 +1241,12 @@ export interface CreateEventSourceMappingRequest {
    */
   MaximumRetryAttempts?: number;
 
+  /**
+   * <p>A list of tags to apply to the event source mapping.</p>
+   * @public
+   */
+  Tags?: Record<string, string>;
+
   /**
    * <p>(Kinesis and DynamoDB Streams only) The duration in seconds of a processing window for DynamoDB and Kinesis Streams event sources. A value of 0 seconds indicates no tumbling window.</p>
    * @public
@@ -1496,6 +1539,12 @@ export interface EventSourceMappingConfiguration {
    * @public
    */
   FilterCriteriaError?: FilterCriteriaError;
+
+  /**
+   * <p>The Amazon Resource Name (ARN) of the event source mapping.</p>
+   * @public
+   */
+  EventSourceMappingArn?: string;
 }
 
 /**
@@ -6070,8 +6119,8 @@ export interface ListProvisionedConcurrencyConfigsResponse {
  */
 export interface ListTagsRequest {
   /**
-   * <p>The function's Amazon Resource Name (ARN).
-   *       Note: Lambda does not support adding tags to aliases or versions.</p>
+   * <p>The resource's Amazon Resource Name (ARN).
+   *       Note: Lambda does not support adding tags to function aliases or versions.</p>
    * @public
    */
   Resource: string | undefined;
@@ -6717,37 +6766,6 @@ export interface PutPublicAccessBlockConfigResponse {
   PublicAccessBlockConfig?: PublicAccessBlockConfig;
 }
 
-/**
- * <p>Lambda prevented your policy from being created because it would grant public access to your function. If you intended to
- *       create a public policy, use the <a>PutPublicAccessBlockConfig</a> API action to configure your function's public-access settings
- *       to allow public policies.</p>
- * @public
- */
-export class PublicPolicyException extends __BaseException {
-  readonly name: "PublicPolicyException" = "PublicPolicyException";
-  readonly $fault: "client" = "client";
-  /**
-   * <p>The exception type.</p>
-   * @public
-   */
-  Type?: string;
-
-  Message?: string;
-  /**
-   * @internal
-   */
-  constructor(opts: __ExceptionOptionType<PublicPolicyException, __BaseException>) {
-    super({
-      name: "PublicPolicyException",
-      $fault: "client",
-      ...opts,
-    });
-    Object.setPrototypeOf(this, PublicPolicyException.prototype);
-    this.Type = opts.Type;
-    this.Message = opts.Message;
-  }
-}
-
 /**
  * @public
  */
@@ -6972,13 +6990,13 @@ export interface RemovePermissionRequest {
  */
 export interface TagResourceRequest {
   /**
-   * <p>The function's Amazon Resource Name (ARN).</p>
+   * <p>The resource's Amazon Resource Name (ARN).</p>
    * @public
    */
   Resource: string | undefined;
 
   /**
-   * <p>A list of tags to apply to the function.</p>
+   * <p>A list of tags to apply to the resource.</p>
    * @public
    */
   Tags: Record<string, string> | undefined;
@@ -6989,13 +7007,13 @@ export interface TagResourceRequest {
  */
 export interface UntagResourceRequest {
   /**
-   * <p>The function's Amazon Resource Name (ARN).</p>
+   * <p>The resource's Amazon Resource Name (ARN).</p>
    * @public
    */
   Resource: string | undefined;
 
   /**
-   * <p>A list of tag keys to remove from the function.</p>
+   * <p>A list of tag keys to remove from the resource.</p>
    * @public
    */
   TagKeys: string[] | undefined;