Sign In to the Console
AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS Documentation » AWS CloudFormation » User Guide » Template Reference » AWS Resource and Property Types Reference » AWS Lambda Resource Types Reference » AWS::Lambda::LayerVersionPermission

AWS::Lambda::LayerVersionPermission

The AWS::Lambda::LayerVersionPermission resource gives other accounts permission to use a layer version in AWS Lambda. For more information, see AWS Lambda Layers in the AWS Lambda Developer Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Lambda::LayerVersionPermission",
  "Properties" : {
    "Action" : String,
    "LayerVersionArn" : String,
    "OrganizationId" : String,
    "Principal" : String
  }
}

YAML

Type: "AWS::Lambda::LayerVersionPermission"
Properties:
  Action: String
  LayerVersionArn: String
  OrganizationId: String
  Principal: String

Properties

Action

The API action that grants access to the layer. For example, lambda:GetLayerVersion.

Required: Yes

Type: String

Update requires: Replacement

LayerVersionArn

The ARN of the layer version.

Required: Yes

Type: String

Update requires: Replacement

OrganizationId

With the principal set to *, grant permission to all accounts in the specified organization.

Required: No

Type: String

Update requires: Replacement

Principal

An account ID, or * to grant permission to all AWS accounts.

Required: Yes

Type: String

Update requires: Replacement

Return Values

Ref

When you pass the logical ID of an AWS::Lambda::LayerVersionPermission resource to the intrinsic Ref function, the function returns the layer version ARN and statement ID, such as arn:aws:lambda:us-west-2:123456789012:layer:my-layer:1#engineering-org.

For more information about using the Ref function, see Ref.

Examples

Grant permission to an organization

The following example grants all accounts in an organization permission to use a layer version.

JSON

{
  "Type" : "AWS::Lambda::LayerVersionPermission",
  "Properties" : {
    "Action" : "lambda:GetLayerVersion",
    "LayerVersionArn" : "arn:aws:lambda:us-west-2:011685312445:layer:my-layer:1",
    "OrganizationId" : "o-t194hfs8cz",
    "Principal" : "*"
  }
}

YAML

Type: "AWS::Lambda::LayerVersionPermission"
Properties:
  Action: lambda:GetLayerVersion
  LayerVersionArn: arn:aws:lambda:us-west-2:011685312445:layer:my-layer:1
  OrganizationId: o-t194hfs8cz
  Principal: *

See Also