API_AddLayerVersionPermission.md

AddLayerVersionPermission

Adds permissions to the resource-based policy of a version of a function layer. Use this action to grant layer usage permission to other accounts. You can grant permission to a single account, all AWS accounts, or all accounts in an organization.

To revoke permission, call RemoveLayerVersionPermission with the statement ID that you specified when you added it.

Request Syntax

POST /2018-10-31/layers/LayerName/versions/VersionNumber/policy?RevisionId=RevisionId HTTP/1.1
Content-type: application/json

{
   "[Action](#SSS-AddLayerVersionPermission-request-Action)": "string",
   "[OrganizationId](#SSS-AddLayerVersionPermission-request-OrganizationId)": "string",
   "[Principal](#SSS-AddLayerVersionPermission-request-Principal)": "string",
   "[StatementId](#SSS-AddLayerVersionPermission-request-StatementId)": "string"
}

URI Request Parameters

The request requires the following URI parameters.

** LayerName ** The name of the layer.
Length Constraints: Minimum length of 1. Maximum length of 140.
Pattern: (arn:[a-zA-Z0-9-]+:lambda:[a-zA-Z0-9-]+:\d{12}:layer:[a-zA-Z0-9-_]+)|[a-zA-Z0-9-_]+

** RevisionId ** Only update the policy if the revision ID matches the ID specified. Use this option to avoid modifying a policy that has changed since you last read it.

** VersionNumber ** The version number.

Request Body

The request accepts the following data in JSON format.

** Action ** The API action that grants access to the layer. For example, lambda:GetLayerVersion.
Type: String
Pattern: lambda:GetLayerVersion
Required: Yes

** OrganizationId ** With the principal set to *, grant permission to all accounts in the specified organization.
Type: String
Pattern: o-[a-z0-9]{10,32}
Required: No

** Principal ** An account ID, or * to grant permission to all AWS accounts.
Type: String
Pattern: \d{12}|\*|arn:(aws[a-zA-Z-]*):iam::\d{12}:root
Required: Yes

** StatementId ** An identifier that distinguishes the policy from others on the same layer version.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 100.
Pattern: ([a-zA-Z0-9-_]+)
Required: Yes

Response Syntax

HTTP/1.1 201
Content-type: application/json

{
   "[RevisionId](#SSS-AddLayerVersionPermission-response-RevisionId)": "string",
   "[Statement](#SSS-AddLayerVersionPermission-response-Statement)": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 201 response.

The following data is returned in JSON format by the service.

** RevisionId ** A unique identifier for the current revision of the policy.
Type: String

** Statement ** The permission statement.
Type: String

Errors

InvalidParameterValueException
One of the parameters in the request is invalid. For example, if you provided an IAM role for AWS Lambda to assume in the CreateFunction or the UpdateFunctionConfiguration API, that AWS Lambda is unable to assume you will get this exception.
HTTP Status Code: 400

PolicyLengthExceededException
Lambda function access policy is limited to 20 KB.
HTTP Status Code: 400

PreconditionFailedException
The RevisionId provided does not match the latest RevisionId for the Lambda function or alias. Call the GetFunction or the GetAlias API to retrieve the latest RevisionId for your resource.
HTTP Status Code: 412

ResourceConflictException
The resource already exists.
HTTP Status Code: 409

ResourceNotFoundException
The resource (for example, a Lambda function or access policy statement) specified in the request does not exist.
HTTP Status Code: 404

ServiceException
The AWS Lambda service encountered an internal error.
HTTP Status Code: 500

TooManyRequestsException
Request throughput limit exceeded
HTTP Status Code: 429

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2