Permission

The Permission resource allows you to manage AWS Lambda Permissions that control which services or accounts can invoke your Lambda functions.

Minimal Example

Create a basic permission for a Lambda function to allow invocation from an AWS service (e.g., API Gateway):

```ts
import AWS from "alchemy/aws/control";

const lambdaPermission = await AWS.Lambda.Permission("apiGatewayInvokePermission", {
  FunctionName: "myLambdaFunction",
  Action: "lambda:InvokeFunction",
  Principal: "apigateway.amazonaws.com",
  SourceArn: "arn:aws:execute-api:us-east-1:123456789012:myApiId/*"
});
```

Advanced Configuration

Configure a permission with an event source token, which the invoker must supply on every call. AWS documents this property for Alexa Smart Home functions:

```ts
const secureLambdaPermission = await AWS.Lambda.Permission("secureInvokePermission", {
  FunctionName: "mySecureLambdaFunction",
  Action: "lambda:InvokeFunction",
  // Alexa Smart Home is the invoker that supplies an event source token
  Principal: "alexa-connectedhome.amazon.com",
  // Placeholder: replace with the skill ID of your Alexa Smart Home skill
  EventSourceToken: "amzn1.ask.skill.<your-skill-id>"
});
```

Allow Invocation from a Specific Account

Create a permission that allows a specific AWS account to invoke the Lambda function:

```ts
const accountInvokePermission = await AWS.Lambda.Permission("accountInvokePermission", {
  FunctionName: "myAccountLambdaFunction",
  Action: "lambda:InvokeFunction",
  Principal: "123456789012" // The AWS Account ID
  // SourceAccount is omitted: it scopes AWS service principals to the account
  // that owns the triggering resource, not callers from another account
});
```

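Using Function URL with Auth Type

Set up a permission for a Lambda function URL with a specific authentication type:

```ts
const functionUrlPermission = await AWS.Lambda.Permission("functionUrlPermission", {
  FunctionName: "myFunctionUrlLambda",
  // FunctionUrlAuthType is only accepted with the function URL action
  Action: "lambda:InvokeFunctionUrl",
  // With AWS_IAM, "*" still admits any AWS principal whose own IAM policy
  // allows the call; use an account ID instead to narrow the grant
  Principal: "*",
  FunctionUrlAuthType: "AWS_IAM"
});
```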
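
The scoping properties used in the examples above can be checked before deployment. The following is an added example, not part of Alchemy or of the original page: `PermissionProps`, `auditPermission` and the finding codes are hypothetical names, and the sample inputs are constructed.

```ts
// Added example, not Alchemy code: a hypothetical pre-deploy lint over Permission props.
type PermissionProps = {
  FunctionName: string;
  Action: string;
  Principal: string;
  SourceArn?: string;
  SourceAccount?: string;
  PrincipalOrgID?: string;
  EventSourceToken?: string;
  FunctionUrlAuthType?: "AWS_IAM" | "NONE";
};

// Returns one finding code per scoping problem; an empty array means none were found.
function auditPermission(p: PermissionProps): string[] {
  const findings: string[] = [];
  const isService = /\.(amazonaws|amazon)\.com$/.test(p.Principal);
  const isAccount = /^\d{12}$/.test(p.Principal);
  const isUrlGrant = p.Action === "lambda:InvokeFunctionUrl";
  // No source condition: the service may invoke for any customer's resource (confused deputy).
  if (isService && !p.SourceArn && !p.SourceAccount && !p.EventSourceToken) {
    findings.push("service-principal-unscoped");
  }
  // SourceAccount names the owner of a service's resource, not a calling account.
  if (isAccount && p.SourceAccount) findings.push("source-account-on-account-principal");
  // FunctionUrlAuthType is only valid with the function URL action.
  if (p.FunctionUrlAuthType && !isUrlGrant) findings.push("auth-type-wrong-action");
  // "*" without an organization condition is open to principals in any account.
  if (p.Principal === "*" && !p.PrincipalOrgID) {
    const publicUrl = isUrlGrant && p.FunctionUrlAuthType === "NONE";
    findings.push(publicUrl ? "public-function-url" : "wildcard-principal");
  }
  return findings;
}

// Constructed sample inputs (account ID and names are placeholders).
const scopedApiGateway: PermissionProps = {
  FunctionName: "myLambdaFunction", Action: "lambda:InvokeFunction",
  Principal: "apigateway.amazonaws.com",
  SourceArn: "arn:aws:execute-api:us-east-1:123456789012:myApiId/*",
};
const unscopedService: PermissionProps = {
  FunctionName: "myLambdaFunction", Action: "lambda:InvokeFunction",
  Principal: "s3.amazonaws.com",
};
const urlWithWrongAction: PermissionProps = {
  FunctionName: "myFunctionUrlLambda", Action: "lambda:InvokeFunction",
  Principal: "*", FunctionUrlAuthType: "AWS_IAM",
};
```

Calling `auditPermission` on each props object before passing it to `AWS.Lambda.Permission` lets a build fail on any non-empty result.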