Removes permissions from a function. You can remove individual permissions from an resource policy associated with a Lambda function by providing a statement ID that you provided when you added the permission. When you remove permissions, disable the event source mapping or trigger configuration first to avoid errors.
Permissions apply to the Amazon Resource Name (ARN) used to invoke the function, which can be unqualified (the unpublished version of the function), or include a version or alias. If a client uses a version or alias to invoke a function, use the Qualifier parameter to apply permissions to that ARN. For more information about versioning, see AWS Lambda Function Versioning and Aliases.
You need permission for the lambda:RemovePermission action.
DELETE /2015-03-31/functions/FunctionName/policy/StatementId?Qualifier=Qualifier&RevisionId=RevisionId HTTP/1.1
The request requires the following URI parameters.
** FunctionName ** The name of the lambda function.
Name formats
- Function name -
MyFunction. - Function ARN -
arn:aws:lambda:us-west-2:123456789012:function:MyFunction. - Partial ARN -
123456789012:function:MyFunction. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
Length Constraints: Minimum length of 1. Maximum length of 140.
Pattern:(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?
** Qualifier **
Specify a version or alias to remove permissions from a published version of the function.
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: (|[a-zA-Z0-9$_-]+)
** RevisionId **
An optional value you can use to ensure you are updating the latest update of the function version or alias. If the RevisionID you pass doesn't match the latest RevisionId of the function or alias, it will fail with an error message, advising you to retrieve the latest function version or alias RevisionID using either GetFunction or GetAlias.
** StatementId **
Statement ID of the permission to remove.
Length Constraints: Minimum length of 1. Maximum length of 100.
Pattern: ([a-zA-Z0-9-_.]+)
The request does not have a request body.
HTTP/1.1 204
If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body.
InvalidParameterValueException
One of the parameters in the request is invalid. For example, if you provided an IAM role for AWS Lambda to assume in the CreateFunction or the UpdateFunctionConfiguration API, that AWS Lambda is unable to assume you will get this exception.
HTTP Status Code: 400
PreconditionFailedException
The RevisionId provided does not match the latest RevisionId for the Lambda function or alias. Call the GetFunction or the GetAlias API to retrieve the latest RevisionId for your resource.
HTTP Status Code: 412
ResourceNotFoundException
The resource (for example, a Lambda function or access policy statement) specified in the request does not exist.
HTTP Status Code: 404
ServiceException
The AWS Lambda service encountered an internal error.
HTTP Status Code: 500
TooManyRequestsException
Request throughput limit exceeded
HTTP Status Code: 429
For more information about using this API in one of the language-specific AWS SDKs, see the following: