LayerVersionPermission

The LayerVersionPermission resource allows you to manage permissions for AWS Lambda Layer Versions, enabling you to control which AWS accounts or organizations can use a specific layer version. For more detailed information, refer to the AWS Lambda LayerVersionPermissions documentation.

Minimal Example

Create a basic LayerVersionPermission that allows a specific AWS account to use a layer version.

import AWS from "alchemy/aws/control";

const layerPermission = await AWS.Lambda.LayerVersionPermission("exampleLayerPermission", {
  Action: "lambda:GetLayerVersion",
  LayerVersionArn: "arn:aws:lambda:us-west-2:123456789012:layer:my-layer:1",
  Principal: "123456789012", // AWS Account ID
  adopt: true // Adopt existing resource if it already exists
});

Advanced Configuration

Configure LayerVersionPermission to allow an entire organization to access a layer version.

const orgLayerPermission = await AWS.Lambda.LayerVersionPermission("orgLayerPermission", {
  Action: "lambda:GetLayerVersion",
  LayerVersionArn: "arn:aws:lambda:us-west-2:123456789012:layer:my-layer:1",
  Principal: "*", // Allow all principals
  OrganizationId: "o-12345678" // Example Organization ID
});

Specific Use Case: Grant Access to Multiple Accounts

You can set permissions for multiple AWS accounts by creating multiple LayerVersionPermission resources.

const account1Permission = await AWS.Lambda.LayerVersionPermission("account1Permission", {
  Action: "lambda:GetLayerVersion",
  LayerVersionArn: "arn:aws:lambda:us-west-2:123456789012:layer:my-layer:1",
  Principal: "111111111111" // First AWS Account ID
});

const account2Permission = await AWS.Lambda.LayerVersionPermission("account2Permission", {
  Action: "lambda:GetLayerVersion",
  LayerVersionArn: "arn:aws:lambda:us-west-2:123456789012:layer:my-layer:1",
  Principal: "222222222222" // Second AWS Account ID
});