Docs Home
AWS v7.4.0 published on Wednesday, Aug 13, 2025 by Pulumi
aws.lambda.LayerVersionPermission
Explore with Pulumi AI
Manages an AWS Lambda Layer Version Permission. Use this resource to share Lambda Layers with other AWS accounts, organizations, or make them publicly accessible.
For information about Lambda Layer Permissions and how to use them, see Using Resource-based Policies for AWS Lambda.
Note: Setting
skip_destroytotruemeans that the AWS Provider will not destroy any layer version permission, even when runningpulumi destroy. Layer version permissions are thus intentional dangling resources that are not managed by Pulumi and may incur extra expense in your AWS account.
Example Usage
Share Layer with Specific Account
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Lambda layer to share
const example = new aws.lambda.LayerVersion("example", {
code: new pulumi.asset.FileArchive("layer.zip"),
layerName: "shared_utilities",
description: "Common utilities for Lambda functions",
compatibleRuntimes: [
"nodejs20.x",
"python3.12",
],
});
// Grant permission to specific AWS account
const exampleLayerVersionPermission = new aws.lambda.LayerVersionPermission("example", {
layerName: example.layerName,
versionNumber: example.version,
principal: "123456789012",
action: "lambda:GetLayerVersion",
statementId: "dev-account-access",
});
import pulumi
import pulumi_aws as aws
# Lambda layer to share
example = aws.lambda_.LayerVersion("example",
code=pulumi.FileArchive("layer.zip"),
layer_name="shared_utilities",
description="Common utilities for Lambda functions",
compatible_runtimes=[
"nodejs20.x",
"python3.12",
])
# Grant permission to specific AWS account
example_layer_version_permission = aws.lambda_.LayerVersionPermission("example",
layer_name=example.layer_name,
version_number=example.version,
principal="123456789012",
action="lambda:GetLayerVersion",
statement_id="dev-account-access")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Lambda layer to share
example, err := lambda.NewLayerVersion(ctx, "example", &lambda.LayerVersionArgs{
Code: pulumi.NewFileArchive("layer.zip"),
LayerName: pulumi.String("shared_utilities"),
Description: pulumi.String("Common utilities for Lambda functions"),
CompatibleRuntimes: pulumi.StringArray{
pulumi.String("nodejs20.x"),
pulumi.String("python3.12"),
},
})
if err != nil {
return err
}
// Grant permission to specific AWS account
_, err = lambda.NewLayerVersionPermission(ctx, "example", &lambda.LayerVersionPermissionArgs{
LayerName: example.LayerName,
VersionNumber: example.Version,
Principal: pulumi.String("123456789012"),
Action: pulumi.String("lambda:GetLayerVersion"),
StatementId: pulumi.String("dev-account-access"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
// Lambda layer to share
var example = new Aws.Lambda.LayerVersion("example", new()
{
Code = new FileArchive("layer.zip"),
LayerName = "shared_utilities",
Description = "Common utilities for Lambda functions",
CompatibleRuntimes = new[]
{
"nodejs20.x",
"python3.12",
},
});
// Grant permission to specific AWS account
var exampleLayerVersionPermission = new Aws.Lambda.LayerVersionPermission("example", new()
{
LayerName = example.LayerName,
VersionNumber = example.Version,
Principal = "123456789012",
Action = "lambda:GetLayerVersion",
StatementId = "dev-account-access",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lambda.LayerVersion;
import com.pulumi.aws.lambda.LayerVersionArgs;
import com.pulumi.aws.lambda.LayerVersionPermission;
import com.pulumi.aws.lambda.LayerVersionPermissionArgs;
import com.pulumi.asset.FileArchive;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Lambda layer to share
var example = new LayerVersion("example", LayerVersionArgs.builder()
.code(new FileArchive("layer.zip"))
.layerName("shared_utilities")
.description("Common utilities for Lambda functions")
.compatibleRuntimes(
"nodejs20.x",
"python3.12")
.build());
// Grant permission to specific AWS account
var exampleLayerVersionPermission = new LayerVersionPermission("exampleLayerVersionPermission", LayerVersionPermissionArgs.builder()
.layerName(example.layerName())
.versionNumber(example.version())
.principal("123456789012")
.action("lambda:GetLayerVersion")
.statementId("dev-account-access")
.build());
}
}
resources:
# Lambda layer to share
example:
type: aws:lambda:LayerVersion
properties:
code:
fn::FileArchive: layer.zip
layerName: shared_utilities
description: Common utilities for Lambda functions
compatibleRuntimes:
- nodejs20.x
- python3.12
# Grant permission to specific AWS account
exampleLayerVersionPermission:
type: aws:lambda:LayerVersionPermission
name: example
properties:
layerName: ${example.layerName}
versionNumber: ${example.version}
principal: '123456789012'
action: lambda:GetLayerVersion
statementId: dev-account-access
Share Layer with Organization
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lambda.LayerVersionPermission("example", {
layerName: exampleAwsLambdaLayerVersion.layerName,
versionNumber: exampleAwsLambdaLayerVersion.version,
principal: "*",
organizationId: "o-1234567890",
action: "lambda:GetLayerVersion",
statementId: "org-wide-access",
});
import pulumi
import pulumi_aws as aws
example = aws.lambda_.LayerVersionPermission("example",
layer_name=example_aws_lambda_layer_version["layerName"],
version_number=example_aws_lambda_layer_version["version"],
principal="*",
organization_id="o-1234567890",
action="lambda:GetLayerVersion",
statement_id="org-wide-access")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lambda.NewLayerVersionPermission(ctx, "example", &lambda.LayerVersionPermissionArgs{
LayerName: pulumi.Any(exampleAwsLambdaLayerVersion.LayerName),
VersionNumber: pulumi.Any(exampleAwsLambdaLayerVersion.Version),
Principal: pulumi.String("*"),
OrganizationId: pulumi.String("o-1234567890"),
Action: pulumi.String("lambda:GetLayerVersion"),
StatementId: pulumi.String("org-wide-access"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Lambda.LayerVersionPermission("example", new()
{
LayerName = exampleAwsLambdaLayerVersion.LayerName,
VersionNumber = exampleAwsLambdaLayerVersion.Version,
Principal = "*",
OrganizationId = "o-1234567890",
Action = "lambda:GetLayerVersion",
StatementId = "org-wide-access",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lambda.LayerVersionPermission;
import com.pulumi.aws.lambda.LayerVersionPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new LayerVersionPermission("example", LayerVersionPermissionArgs.builder()
.layerName(exampleAwsLambdaLayerVersion.layerName())
.versionNumber(exampleAwsLambdaLayerVersion.version())
.principal("*")
.organizationId("o-1234567890")
.action("lambda:GetLayerVersion")
.statementId("org-wide-access")
.build());
}
}
resources:
example:
type: aws:lambda:LayerVersionPermission
properties:
layerName: ${exampleAwsLambdaLayerVersion.layerName}
versionNumber: ${exampleAwsLambdaLayerVersion.version}
principal: '*'
organizationId: o-1234567890
action: lambda:GetLayerVersion
statementId: org-wide-access
Share Layer Publicly
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lambda.LayerVersionPermission("example", {
layerName: exampleAwsLambdaLayerVersion.layerName,
versionNumber: exampleAwsLambdaLayerVersion.version,
principal: "*",
action: "lambda:GetLayerVersion",
statementId: "public-access",
});
import pulumi
import pulumi_aws as aws
example = aws.lambda_.LayerVersionPermission("example",
layer_name=example_aws_lambda_layer_version["layerName"],
version_number=example_aws_lambda_layer_version["version"],
principal="*",
action="lambda:GetLayerVersion",
statement_id="public-access")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lambda.NewLayerVersionPermission(ctx, "example", &lambda.LayerVersionPermissionArgs{
LayerName: pulumi.Any(exampleAwsLambdaLayerVersion.LayerName),
VersionNumber: pulumi.Any(exampleAwsLambdaLayerVersion.Version),
Principal: pulumi.String("*"),
Action: pulumi.String("lambda:GetLayerVersion"),
StatementId: pulumi.String("public-access"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Lambda.LayerVersionPermission("example", new()
{
LayerName = exampleAwsLambdaLayerVersion.LayerName,
VersionNumber = exampleAwsLambdaLayerVersion.Version,
Principal = "*",
Action = "lambda:GetLayerVersion",
StatementId = "public-access",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lambda.LayerVersionPermission;
import com.pulumi.aws.lambda.LayerVersionPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new LayerVersionPermission("example", LayerVersionPermissionArgs.builder()
.layerName(exampleAwsLambdaLayerVersion.layerName())
.versionNumber(exampleAwsLambdaLayerVersion.version())
.principal("*")
.action("lambda:GetLayerVersion")
.statementId("public-access")
.build());
}
}
resources:
example:
type: aws:lambda:LayerVersionPermission
properties:
layerName: ${exampleAwsLambdaLayerVersion.layerName}
versionNumber: ${exampleAwsLambdaLayerVersion.version}
principal: '*'
action: lambda:GetLayerVersion
statementId: public-access
Multiple Account Access
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Share with multiple specific accounts
const devAccount = new aws.lambda.LayerVersionPermission("dev_account", {
layerName: example.layerName,
versionNumber: example.version,
principal: "111111111111",
action: "lambda:GetLayerVersion",
statementId: "dev-account",
});
const stagingAccount = new aws.lambda.LayerVersionPermission("staging_account", {
layerName: example.layerName,
versionNumber: example.version,
principal: "222222222222",
action: "lambda:GetLayerVersion",
statementId: "staging-account",
});
const prodAccount = new aws.lambda.LayerVersionPermission("prod_account", {
layerName: example.layerName,
versionNumber: example.version,
principal: "333333333333",
action: "lambda:GetLayerVersion",
statementId: "prod-account",
});
import pulumi
import pulumi_aws as aws
# Share with multiple specific accounts
dev_account = aws.lambda_.LayerVersionPermission("dev_account",
layer_name=example["layerName"],
version_number=example["version"],
principal="111111111111",
action="lambda:GetLayerVersion",
statement_id="dev-account")
staging_account = aws.lambda_.LayerVersionPermission("staging_account",
layer_name=example["layerName"],
version_number=example["version"],
principal="222222222222",
action="lambda:GetLayerVersion",
statement_id="staging-account")
prod_account = aws.lambda_.LayerVersionPermission("prod_account",
layer_name=example["layerName"],
version_number=example["version"],
principal="333333333333",
action="lambda:GetLayerVersion",
statement_id="prod-account")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Share with multiple specific accounts
_, err := lambda.NewLayerVersionPermission(ctx, "dev_account", &lambda.LayerVersionPermissionArgs{
LayerName: pulumi.Any(example.LayerName),
VersionNumber: pulumi.Any(example.Version),
Principal: pulumi.String("111111111111"),
Action: pulumi.String("lambda:GetLayerVersion"),
StatementId: pulumi.String("dev-account"),
})
if err != nil {
return err
}
_, err = lambda.NewLayerVersionPermission(ctx, "staging_account", &lambda.LayerVersionPermissionArgs{
LayerName: pulumi.Any(example.LayerName),
VersionNumber: pulumi.Any(example.Version),
Principal: pulumi.String("222222222222"),
Action: pulumi.String("lambda:GetLayerVersion"),
StatementId: pulumi.String("staging-account"),
})
if err != nil {
return err
}
_, err = lambda.NewLayerVersionPermission(ctx, "prod_account", &lambda.LayerVersionPermissionArgs{
LayerName: pulumi.Any(example.LayerName),
VersionNumber: pulumi.Any(example.Version),
Principal: pulumi.String("333333333333"),
Action: pulumi.String("lambda:GetLayerVersion"),
StatementId: pulumi.String("prod-account"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
// Share with multiple specific accounts
var devAccount = new Aws.Lambda.LayerVersionPermission("dev_account", new()
{
LayerName = example.LayerName,
VersionNumber = example.Version,
Principal = "111111111111",
Action = "lambda:GetLayerVersion",
StatementId = "dev-account",
});
var stagingAccount = new Aws.Lambda.LayerVersionPermission("staging_account", new()
{
LayerName = example.LayerName,
VersionNumber = example.Version,
Principal = "222222222222",
Action = "lambda:GetLayerVersion",
StatementId = "staging-account",
});
var prodAccount = new Aws.Lambda.LayerVersionPermission("prod_account", new()
{
LayerName = example.LayerName,
VersionNumber = example.Version,
Principal = "333333333333",
Action = "lambda:GetLayerVersion",
StatementId = "prod-account",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lambda.LayerVersionPermission;
import com.pulumi.aws.lambda.LayerVersionPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Share with multiple specific accounts
var devAccount = new LayerVersionPermission("devAccount", LayerVersionPermissionArgs.builder()
.layerName(example.layerName())
.versionNumber(example.version())
.principal("111111111111")
.action("lambda:GetLayerVersion")
.statementId("dev-account")
.build());
var stagingAccount = new LayerVersionPermission("stagingAccount", LayerVersionPermissionArgs.builder()
.layerName(example.layerName())
.versionNumber(example.version())
.principal("222222222222")
.action("lambda:GetLayerVersion")
.statementId("staging-account")
.build());
var prodAccount = new LayerVersionPermission("prodAccount", LayerVersionPermissionArgs.builder()
.layerName(example.layerName())
.versionNumber(example.version())
.principal("333333333333")
.action("lambda:GetLayerVersion")
.statementId("prod-account")
.build());
}
}
resources:
# Share with multiple specific accounts
devAccount:
type: aws:lambda:LayerVersionPermission
name: dev_account
properties:
layerName: ${example.layerName}
versionNumber: ${example.version}
principal: '111111111111'
action: lambda:GetLayerVersion
statementId: dev-account
stagingAccount:
type: aws:lambda:LayerVersionPermission
name: staging_account
properties:
layerName: ${example.layerName}
versionNumber: ${example.version}
principal: '222222222222'
action: lambda:GetLayerVersion
statementId: staging-account
prodAccount:
type: aws:lambda:LayerVersionPermission
name: prod_account
properties:
layerName: ${example.layerName}
versionNumber: ${example.version}
principal: '333333333333'
action: lambda:GetLayerVersion
statementId: prod-account
Create LayerVersionPermission Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new LayerVersionPermission(name: string, args: LayerVersionPermissionArgs, opts?: CustomResourceOptions);@overload
def LayerVersionPermission(resource_name: str,
args: LayerVersionPermissionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def LayerVersionPermission(resource_name: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
layer_name: Optional[str] = None,
principal: Optional[str] = None,
statement_id: Optional[str] = None,
version_number: Optional[int] = None,
organization_id: Optional[str] = None,
region: Optional[str] = None,
skip_destroy: Optional[bool] = None)func NewLayerVersionPermission(ctx *Context, name string, args LayerVersionPermissionArgs, opts ...ResourceOption) (*LayerVersionPermission, error)public LayerVersionPermission(string name, LayerVersionPermissionArgs args, CustomResourceOptions? opts = null)
public LayerVersionPermission(String name, LayerVersionPermissionArgs args)
public LayerVersionPermission(String name, LayerVersionPermissionArgs args, CustomResourceOptions options)
type: aws:lambda:LayerVersionPermission
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args LayerVersionPermissionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args LayerVersionPermissionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args LayerVersionPermissionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args LayerVersionPermissionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args LayerVersionPermissionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var layerVersionPermissionResource = new Aws.Lambda.LayerVersionPermission("layerVersionPermissionResource", new()
{
Action = "string",
LayerName = "string",
Principal = "string",
StatementId = "string",
VersionNumber = 0,
OrganizationId = "string",
Region = "string",
SkipDestroy = false,
});
example, err := lambda.NewLayerVersionPermission(ctx, "layerVersionPermissionResource", &lambda.LayerVersionPermissionArgs{
Action: pulumi.String("string"),
LayerName: pulumi.String("string"),
Principal: pulumi.String("string"),
StatementId: pulumi.String("string"),
VersionNumber: pulumi.Int(0),
OrganizationId: pulumi.String("string"),
Region: pulumi.String("string"),
SkipDestroy: pulumi.Bool(false),
})
var layerVersionPermissionResource = new LayerVersionPermission("layerVersionPermissionResource", LayerVersionPermissionArgs.builder()
.action("string")
.layerName("string")
.principal("string")
.statementId("string")
.versionNumber(0)
.organizationId("string")
.region("string")
.skipDestroy(false)
.build());
layer_version_permission_resource = aws.lambda_.LayerVersionPermission("layerVersionPermissionResource",
action="string",
layer_name="string",
principal="string",
statement_id="string",
version_number=0,
organization_id="string",
region="string",
skip_destroy=False)
const layerVersionPermissionResource = new aws.lambda.LayerVersionPermission("layerVersionPermissionResource", {
action: "string",
layerName: "string",
principal: "string",
statementId: "string",
versionNumber: 0,
organizationId: "string",
region: "string",
skipDestroy: false,
});
type: aws:lambda:LayerVersionPermission
properties:
action: string
layerName: string
organizationId: string
principal: string
region: string
skipDestroy: false
statementId: string
versionNumber: 0
LayerVersionPermission Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The LayerVersionPermission resource accepts the following input properties:
- Action string
- Action that will be allowed.
lambda:GetLayerVersionis the standard value for layer access. - Layer
Name string - Name or ARN of the Lambda Layer.
- Principal string
- AWS account ID that should be able to use your Lambda Layer. Use
*to share with all AWS accounts. - Statement
Id string - Unique identifier for the permission statement.
- Version
Number int Version of Lambda Layer to grant access to. Note: permissions only apply to a single version of a layer.
The following arguments are optional:
- Organization
Id string - AWS Organization ID that should be able to use your Lambda Layer.
principalshould be set to*whenorganization_idis provided. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Skip
Destroy bool - Whether to retain the permission when the resource is destroyed. Default is
false.
- Action string
- Action that will be allowed.
lambda:GetLayerVersionis the standard value for layer access. - Layer
Name string - Name or ARN of the Lambda Layer.
- Principal string
- AWS account ID that should be able to use your Lambda Layer. Use
*to share with all AWS accounts. - Statement
Id string - Unique identifier for the permission statement.
- Version
Number int Version of Lambda Layer to grant access to. Note: permissions only apply to a single version of a layer.
The following arguments are optional:
- Organization
Id string - AWS Organization ID that should be able to use your Lambda Layer.
principalshould be set to*whenorganization_idis provided. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Skip
Destroy bool - Whether to retain the permission when the resource is destroyed. Default is
false.
- action String
- Action that will be allowed.
lambda:GetLayerVersionis the standard value for layer access. - layer
Name String - Name or ARN of the Lambda Layer.
- principal String
- AWS account ID that should be able to use your Lambda Layer. Use
*to share with all AWS accounts. - statement
Id String - Unique identifier for the permission statement.
- version
Number Integer Version of Lambda Layer to grant access to. Note: permissions only apply to a single version of a layer.
The following arguments are optional:
- organization
Id String - AWS Organization ID that should be able to use your Lambda Layer.
principalshould be set to*whenorganization_idis provided. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- skip
Destroy Boolean - Whether to retain the permission when the resource is destroyed. Default is
false.
- action string
- Action that will be allowed.
lambda:GetLayerVersionis the standard value for layer access. - layer
Name string - Name or ARN of the Lambda Layer.
- principal string
- AWS account ID that should be able to use your Lambda Layer. Use
*to share with all AWS accounts. - statement
Id string - Unique identifier for the permission statement.
- version
Number number Version of Lambda Layer to grant access to. Note: permissions only apply to a single version of a layer.
The following arguments are optional:
- organization
Id string - AWS Organization ID that should be able to use your Lambda Layer.
principalshould be set to*whenorganization_idis provided. - region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- skip
Destroy boolean - Whether to retain the permission when the resource is destroyed. Default is
false.
- action str
- Action that will be allowed.
lambda:GetLayerVersionis the standard value for layer access. - layer_
name str - Name or ARN of the Lambda Layer.
- principal str
- AWS account ID that should be able to use your Lambda Layer. Use
*to share with all AWS accounts. - statement_
id str - Unique identifier for the permission statement.
- version_
number int Version of Lambda Layer to grant access to. Note: permissions only apply to a single version of a layer.
The following arguments are optional:
- organization_
id str - AWS Organization ID that should be able to use your Lambda Layer.
principalshould be set to*whenorganization_idis provided. - region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- skip_
destroy bool - Whether to retain the permission when the resource is destroyed. Default is
false.
- action String
- Action that will be allowed.
lambda:GetLayerVersionis the standard value for layer access. - layer
Name String - Name or ARN of the Lambda Layer.
- principal String
- AWS account ID that should be able to use your Lambda Layer. Use
*to share with all AWS accounts. - statement
Id String - Unique identifier for the permission statement.
- version
Number Number Version of Lambda Layer to grant access to. Note: permissions only apply to a single version of a layer.
The following arguments are optional:
- organization
Id String - AWS Organization ID that should be able to use your Lambda Layer.
principalshould be set to*whenorganization_idis provided. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- skip
Destroy Boolean - Whether to retain the permission when the resource is destroyed. Default is
false.
Outputs
All input properties are implicitly available as output properties. Additionally, the LayerVersionPermission resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Policy string
- Full Lambda Layer Permission policy.
- Revision
Id string - Unique identifier for the current revision of the policy.
- Id string
- The provider-assigned unique ID for this managed resource.
- Policy string
- Full Lambda Layer Permission policy.
- Revision
Id string - Unique identifier for the current revision of the policy.
- id String
- The provider-assigned unique ID for this managed resource.
- policy String
- Full Lambda Layer Permission policy.
- revision
Id String - Unique identifier for the current revision of the policy.
- id string
- The provider-assigned unique ID for this managed resource.
- policy string
- Full Lambda Layer Permission policy.
- revision
Id string - Unique identifier for the current revision of the policy.
- id str
- The provider-assigned unique ID for this managed resource.
- policy str
- Full Lambda Layer Permission policy.
- revision_
id str - Unique identifier for the current revision of the policy.
- id String
- The provider-assigned unique ID for this managed resource.
- policy String
- Full Lambda Layer Permission policy.
- revision
Id String - Unique identifier for the current revision of the policy.
Look up Existing LayerVersionPermission Resource
Get an existing LayerVersionPermission resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: LayerVersionPermissionState, opts?: CustomResourceOptions): LayerVersionPermission@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
layer_name: Optional[str] = None,
organization_id: Optional[str] = None,
policy: Optional[str] = None,
principal: Optional[str] = None,
region: Optional[str] = None,
revision_id: Optional[str] = None,
skip_destroy: Optional[bool] = None,
statement_id: Optional[str] = None,
version_number: Optional[int] = None) -> LayerVersionPermissionfunc GetLayerVersionPermission(ctx *Context, name string, id IDInput, state *LayerVersionPermissionState, opts ...ResourceOption) (*LayerVersionPermission, error)public static LayerVersionPermission Get(string name, Input<string> id, LayerVersionPermissionState? state, CustomResourceOptions? opts = null)public static LayerVersionPermission get(String name, Output<String> id, LayerVersionPermissionState state, CustomResourceOptions options)resources: _: type: aws:lambda:LayerVersionPermission get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- Action that will be allowed.
lambda:GetLayerVersionis the standard value for layer access. - Layer
Name string - Name or ARN of the Lambda Layer.
- Organization
Id string - AWS Organization ID that should be able to use your Lambda Layer.
principalshould be set to*whenorganization_idis provided. - Policy string
- Full Lambda Layer Permission policy.
- Principal string
- AWS account ID that should be able to use your Lambda Layer. Use
*to share with all AWS accounts. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Revision
Id string - Unique identifier for the current revision of the policy.
- Skip
Destroy bool - Whether to retain the permission when the resource is destroyed. Default is
false. - Statement
Id string - Unique identifier for the permission statement.
- Version
Number int Version of Lambda Layer to grant access to. Note: permissions only apply to a single version of a layer.
The following arguments are optional:
- Action string
- Action that will be allowed.
lambda:GetLayerVersionis the standard value for layer access. - Layer
Name string - Name or ARN of the Lambda Layer.
- Organization
Id string - AWS Organization ID that should be able to use your Lambda Layer.
principalshould be set to*whenorganization_idis provided. - Policy string
- Full Lambda Layer Permission policy.
- Principal string
- AWS account ID that should be able to use your Lambda Layer. Use
*to share with all AWS accounts. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Revision
Id string - Unique identifier for the current revision of the policy.
- Skip
Destroy bool - Whether to retain the permission when the resource is destroyed. Default is
false. - Statement
Id string - Unique identifier for the permission statement.
- Version
Number int Version of Lambda Layer to grant access to. Note: permissions only apply to a single version of a layer.
The following arguments are optional:
- action String
- Action that will be allowed.
lambda:GetLayerVersionis the standard value for layer access. - layer
Name String - Name or ARN of the Lambda Layer.
- organization
Id String - AWS Organization ID that should be able to use your Lambda Layer.
principalshould be set to*whenorganization_idis provided. - policy String
- Full Lambda Layer Permission policy.
- principal String
- AWS account ID that should be able to use your Lambda Layer. Use
*to share with all AWS accounts. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- revision
Id String - Unique identifier for the current revision of the policy.
- skip
Destroy Boolean - Whether to retain the permission when the resource is destroyed. Default is
false. - statement
Id String - Unique identifier for the permission statement.
- version
Number Integer Version of Lambda Layer to grant access to. Note: permissions only apply to a single version of a layer.
The following arguments are optional:
- action string
- Action that will be allowed.
lambda:GetLayerVersionis the standard value for layer access. - layer
Name string - Name or ARN of the Lambda Layer.
- organization
Id string - AWS Organization ID that should be able to use your Lambda Layer.
principalshould be set to*whenorganization_idis provided. - policy string
- Full Lambda Layer Permission policy.
- principal string
- AWS account ID that should be able to use your Lambda Layer. Use
*to share with all AWS accounts. - region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- revision
Id string - Unique identifier for the current revision of the policy.
- skip
Destroy boolean - Whether to retain the permission when the resource is destroyed. Default is
false. - statement
Id string - Unique identifier for the permission statement.
- version
Number number Version of Lambda Layer to grant access to. Note: permissions only apply to a single version of a layer.
The following arguments are optional:
- action str
- Action that will be allowed.
lambda:GetLayerVersionis the standard value for layer access. - layer_
name str - Name or ARN of the Lambda Layer.
- organization_
id str - AWS Organization ID that should be able to use your Lambda Layer.
principalshould be set to*whenorganization_idis provided. - policy str
- Full Lambda Layer Permission policy.
- principal str
- AWS account ID that should be able to use your Lambda Layer. Use
*to share with all AWS accounts. - region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- revision_
id str - Unique identifier for the current revision of the policy.
- skip_
destroy bool - Whether to retain the permission when the resource is destroyed. Default is
false. - statement_
id str - Unique identifier for the permission statement.
- version_
number int Version of Lambda Layer to grant access to. Note: permissions only apply to a single version of a layer.
The following arguments are optional:
- action String
- Action that will be allowed.
lambda:GetLayerVersionis the standard value for layer access. - layer
Name String - Name or ARN of the Lambda Layer.
- organization
Id String - AWS Organization ID that should be able to use your Lambda Layer.
principalshould be set to*whenorganization_idis provided. - policy String
- Full Lambda Layer Permission policy.
- principal String
- AWS account ID that should be able to use your Lambda Layer. Use
*to share with all AWS accounts. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- revision
Id String - Unique identifier for the current revision of the policy.
- skip
Destroy Boolean - Whether to retain the permission when the resource is destroyed. Default is
false. - statement
Id String - Unique identifier for the permission statement.
- version
Number Number Version of Lambda Layer to grant access to. Note: permissions only apply to a single version of a layer.
The following arguments are optional:
Import
For backwards compatibility, the following legacy pulumi import command is also supported:
$ pulumi import aws:lambda/layerVersionPermission:LayerVersionPermission example arn:aws:lambda:us-west-2:123456789012:layer:shared_utilities,1
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.