View a markdown version of this page

Granting function access to an organization - AWS Lambda

Granting function access to an organization

To grant permissions to an organization in AWS Organizations, specify the organization ID as the principal-org-id. The following add-permission command grants invocation access to all users in organization o-a1b2c3d4e5f.

aws lambda add-permission \ --function-name example \ --statement-id PrincipalOrgIDExample \ --action lambda:InvokeFunction \ --principal * \ --principal-org-id o-a1b2c3d4e5f
Note

In this command, Principal is *. This means that all users in the organization o-a1b2c3d4e5f get function invocation permissions. If you specify an AWS account or role as the Principal, then only that principal gets function invocation permissions, but only if they are also part of the o-a1b2c3d4e5f organization.

This command creates a resource-based policy that looks like the following:

JSON
{ "Version":"2012-10-17", "Statement": [ { "Sid": "PrincipalOrgIDExample", "Effect": "Allow", "Principal": "*", "Action": "lambda:InvokeFunction", "Resource": "arn:aws:lambda:us-east-2:123456789012:function:example", "Condition": { "StringEquals": { "aws:PrincipalOrgID": "o-a1b2c3d4e5f" } } } ] }

For more information, see aws:PrincipalOrgID in the IAM user guide.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Did this page help you? - Yes

Thanks for letting us know we're doing a good job!

If you've got a moment, please tell us what we did right so we can do more of it.

Did this page help you? - No

Thanks for letting us know this page needs work. We're sorry we let you down.

If you've got a moment, please tell us how we can make the documentation better.

AltStyle によって変換されたページ (->オリジナル) /