AWS v6.80.0, May 6 25

AWS v6.80.0 published on Tuesday, May 6, 2025 by Pulumi

aws.lambda.LayerVersionPermission

Explore with Pulumi AI

AWS v6.80.0 published on Tuesday, May 6, 2025 by Pulumi

NOTE: Setting skip_destroy to true means that the AWS Provider will not destroy any layer version permission, even when running pulumi destroy. Layer version permissions are thus intentional dangling resources that are not managed by Pulumi and may incur extra expense in your AWS account.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const lambdaLayerPermission = new aws.lambda.LayerVersionPermission("lambda_layer_permission", {
    layerName: "arn:aws:lambda:us-west-2:123456654321:layer:test_layer1",
    versionNumber: 1,
    principal: "111111111111",
    action: "lambda:GetLayerVersion",
    statementId: "dev-account",
});

import pulumi
import pulumi_aws as aws

lambda_layer_permission = aws.lambda_.LayerVersionPermission("lambda_layer_permission",
    layer_name="arn:aws:lambda:us-west-2:123456654321:layer:test_layer1",
    version_number=1,
    principal="111111111111",
    action="lambda:GetLayerVersion",
    statement_id="dev-account")

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lambda.NewLayerVersionPermission(ctx, "lambda_layer_permission", &lambda.LayerVersionPermissionArgs{
			LayerName:     pulumi.String("arn:aws:lambda:us-west-2:123456654321:layer:test_layer1"),
			VersionNumber: pulumi.Int(1),
			Principal:     pulumi.String("111111111111"),
			Action:        pulumi.String("lambda:GetLayerVersion"),
			StatementId:   pulumi.String("dev-account"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var lambdaLayerPermission = new Aws.Lambda.LayerVersionPermission("lambda_layer_permission", new()
    {
        LayerName = "arn:aws:lambda:us-west-2:123456654321:layer:test_layer1",
        VersionNumber = 1,
        Principal = "111111111111",
        Action = "lambda:GetLayerVersion",
        StatementId = "dev-account",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lambda.LayerVersionPermission;
import com.pulumi.aws.lambda.LayerVersionPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var lambdaLayerPermission = new LayerVersionPermission("lambdaLayerPermission", LayerVersionPermissionArgs.builder()
            .layerName("arn:aws:lambda:us-west-2:123456654321:layer:test_layer1")
            .versionNumber(1)
            .principal("111111111111")
            .action("lambda:GetLayerVersion")
            .statementId("dev-account")
            .build());

    }
}

resources:
  lambdaLayerPermission:
    type: aws:lambda:LayerVersionPermission
    name: lambda_layer_permission
    properties:
      layerName: arn:aws:lambda:us-west-2:123456654321:layer:test_layer1
      versionNumber: 1
      principal: '111111111111'
      action: lambda:GetLayerVersion
      statementId: dev-account

Create LayerVersionPermission Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new LayerVersionPermission(name: string, args: LayerVersionPermissionArgs, opts?: CustomResourceOptions);

@overload
def LayerVersionPermission(resource_name: str,
                           args: LayerVersionPermissionArgs,
                           opts: Optional[ResourceOptions] = None)

@overload
def LayerVersionPermission(resource_name: str,
                           opts: Optional[ResourceOptions] = None,
                           action: Optional[str] = None,
                           layer_name: Optional[str] = None,
                           principal: Optional[str] = None,
                           statement_id: Optional[str] = None,
                           version_number: Optional[int] = None,
                           organization_id: Optional[str] = None,
                           skip_destroy: Optional[bool] = None)

func NewLayerVersionPermission(ctx *Context, name string, args LayerVersionPermissionArgs, opts ...ResourceOption) (*LayerVersionPermission, error)

public LayerVersionPermission(string name, LayerVersionPermissionArgs args, CustomResourceOptions? opts = null)

public LayerVersionPermission(String name, LayerVersionPermissionArgs args)
public LayerVersionPermission(String name, LayerVersionPermissionArgs args, CustomResourceOptions options)

type: aws:lambda:LayerVersionPermission
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args LayerVersionPermissionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args LayerVersionPermissionArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args LayerVersionPermissionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args LayerVersionPermissionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args LayerVersionPermissionArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var layerVersionPermissionResource = new Aws.Lambda.LayerVersionPermission("layerVersionPermissionResource", new()
{
    Action = "string",
    LayerName = "string",
    Principal = "string",
    StatementId = "string",
    VersionNumber = 0,
    OrganizationId = "string",
    SkipDestroy = false,
});

example, err := lambda.NewLayerVersionPermission(ctx, "layerVersionPermissionResource", &lambda.LayerVersionPermissionArgs{
	Action:         pulumi.String("string"),
	LayerName:      pulumi.String("string"),
	Principal:      pulumi.String("string"),
	StatementId:    pulumi.String("string"),
	VersionNumber:  pulumi.Int(0),
	OrganizationId: pulumi.String("string"),
	SkipDestroy:    pulumi.Bool(false),
})

var layerVersionPermissionResource = new LayerVersionPermission("layerVersionPermissionResource", LayerVersionPermissionArgs.builder()
    .action("string")
    .layerName("string")
    .principal("string")
    .statementId("string")
    .versionNumber(0)
    .organizationId("string")
    .skipDestroy(false)
    .build());

layer_version_permission_resource = aws.lambda_.LayerVersionPermission("layerVersionPermissionResource",
    action="string",
    layer_name="string",
    principal="string",
    statement_id="string",
    version_number=0,
    organization_id="string",
    skip_destroy=False)

const layerVersionPermissionResource = new aws.lambda.LayerVersionPermission("layerVersionPermissionResource", {
    action: "string",
    layerName: "string",
    principal: "string",
    statementId: "string",
    versionNumber: 0,
    organizationId: "string",
    skipDestroy: false,
});

type: aws:lambda:LayerVersionPermission
properties:
    action: string
    layerName: string
    organizationId: string
    principal: string
    skipDestroy: false
    statementId: string
    versionNumber: 0

LayerVersionPermission Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The LayerVersionPermission resource accepts the following input properties:

Action string: Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
LayerName string: The name or ARN of the Lambda Layer, which you want to grant access to.
Principal string: AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
StatementId string: The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
VersionNumber int: Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.
OrganizationId string: An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
SkipDestroy bool: Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.

Action string: Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
LayerName string: The name or ARN of the Lambda Layer, which you want to grant access to.
Principal string: AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
StatementId string: The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
VersionNumber int: Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.
OrganizationId string: An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
SkipDestroy bool: Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.

action String: Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
layerName String: The name or ARN of the Lambda Layer, which you want to grant access to.
principal String: AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
statementId String: The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
versionNumber Integer: Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.
organizationId String: An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
skipDestroy Boolean: Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.

action string: Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
layerName string: The name or ARN of the Lambda Layer, which you want to grant access to.
principal string: AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
statementId string: The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
versionNumber number: Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.
organizationId string: An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
skipDestroy boolean: Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.

action str: Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
layer_name str: The name or ARN of the Lambda Layer, which you want to grant access to.
principal str: AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
statement_id str: The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
version_number int: Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.
organization_id str: An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
skip_destroy bool: Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.

action String: Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
layerName String: The name or ARN of the Lambda Layer, which you want to grant access to.
principal String: AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
statementId String: The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
versionNumber Number: Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.
organizationId String: An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
skipDestroy Boolean: Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.

Outputs

All input properties are implicitly available as output properties. Additionally, the LayerVersionPermission resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Policy string: Full Lambda Layer Permission policy.
RevisionId string: A unique identifier for the current revision of the policy.

Id string: The provider-assigned unique ID for this managed resource.
Policy string: Full Lambda Layer Permission policy.
RevisionId string: A unique identifier for the current revision of the policy.

id String: The provider-assigned unique ID for this managed resource.
policy String: Full Lambda Layer Permission policy.
revisionId String: A unique identifier for the current revision of the policy.

id string: The provider-assigned unique ID for this managed resource.
policy string: Full Lambda Layer Permission policy.
revisionId string: A unique identifier for the current revision of the policy.

id str: The provider-assigned unique ID for this managed resource.
policy str: Full Lambda Layer Permission policy.
revision_id str: A unique identifier for the current revision of the policy.

id String: The provider-assigned unique ID for this managed resource.
policy String: Full Lambda Layer Permission policy.
revisionId String: A unique identifier for the current revision of the policy.

Look up Existing LayerVersionPermission Resource

Get an existing LayerVersionPermission resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: LayerVersionPermissionState, opts?: CustomResourceOptions): LayerVersionPermission

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        layer_name: Optional[str] = None,
        organization_id: Optional[str] = None,
        policy: Optional[str] = None,
        principal: Optional[str] = None,
        revision_id: Optional[str] = None,
        skip_destroy: Optional[bool] = None,
        statement_id: Optional[str] = None,
        version_number: Optional[int] = None) -> LayerVersionPermission

func GetLayerVersionPermission(ctx *Context, name string, id IDInput, state *LayerVersionPermissionState, opts ...ResourceOption) (*LayerVersionPermission, error)

public static LayerVersionPermission Get(string name, Input<string> id, LayerVersionPermissionState? state, CustomResourceOptions? opts = null)

public static LayerVersionPermission get(String name, Output<String> id, LayerVersionPermissionState state, CustomResourceOptions options)

resources:  _:    type: aws:lambda:LayerVersionPermission    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Action string: Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
LayerName string: The name or ARN of the Lambda Layer, which you want to grant access to.
OrganizationId string: An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
Policy string: Full Lambda Layer Permission policy.
Principal string: AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
RevisionId string: A unique identifier for the current revision of the policy.
SkipDestroy bool: Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.
StatementId string: The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
VersionNumber int: Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.

Action string: Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
LayerName string: The name or ARN of the Lambda Layer, which you want to grant access to.
OrganizationId string: An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
Policy string: Full Lambda Layer Permission policy.
Principal string: AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
RevisionId string: A unique identifier for the current revision of the policy.
SkipDestroy bool: Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.
StatementId string: The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
VersionNumber int: Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.

action String: Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
layerName String: The name or ARN of the Lambda Layer, which you want to grant access to.
organizationId String: An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
policy String: Full Lambda Layer Permission policy.
principal String: AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
revisionId String: A unique identifier for the current revision of the policy.
skipDestroy Boolean: Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.
statementId String: The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
versionNumber Integer: Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.

action string: Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
layerName string: The name or ARN of the Lambda Layer, which you want to grant access to.
organizationId string: An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
policy string: Full Lambda Layer Permission policy.
principal string: AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
revisionId string: A unique identifier for the current revision of the policy.
skipDestroy boolean: Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.
statementId string: The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
versionNumber number: Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.

action str: Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
layer_name str: The name or ARN of the Lambda Layer, which you want to grant access to.
organization_id str: An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
policy str: Full Lambda Layer Permission policy.
principal str: AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
revision_id str: A unique identifier for the current revision of the policy.
skip_destroy bool: Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.
statement_id str: The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
version_number int: Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.

action String: Action, which will be allowed. lambda:GetLayerVersion value is suggested by AWS documantation.
layerName String: The name or ARN of the Lambda Layer, which you want to grant access to.
organizationId String: An identifier of AWS Organization, which should be able to use your Lambda Layer. principal should be equal to * if organization_id provided.
policy String: Full Lambda Layer Permission policy.
principal String: AWS account ID which should be able to use your Lambda Layer. * can be used here, if you want to share your Lambda Layer widely.
revisionId String: A unique identifier for the current revision of the policy.
skipDestroy Boolean: Whether to retain the old version of a previously deployed Lambda Layer. Default is false. When this is not set to true, changing any of compatible_architectures, compatible_runtimes, description, filename, layer_name, license_info, s3_bucket, s3_key, s3_object_version, or source_code_hash forces deletion of the existing layer version and creation of a new layer version.
statementId String: The name of Lambda Layer Permission, for example dev-account - human readable note about what is this permission for.
versionNumber Number: Version of Lambda Layer, which you want to grant access to. Note: permissions only apply to a single version of a layer.

Import

Using pulumi import, import Lambda Layer Permissions using layer_name and version_number, separated by a comma (,). For example:

$ pulumi import aws:lambda/layerVersionPermission:LayerVersionPermission example arn:aws:lambda:us-west-2:123456654321:layer:test_layer1,1

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.80.0 published on Tuesday, May 6, 2025 by Pulumi

pulumi/pulumi-aws

aws.lambda.LayerVersionPermission

On this page

On this page

Example Usage

Create LayerVersionPermission Resource

Constructor syntax

Parameters

Constructor example

LayerVersionPermission Resource Properties

Inputs

Outputs

Look up Existing LayerVersionPermission Resource

Import

Package Details

On this page

On this page