| <a name="input_lambda_permissions"></a> [lambda\_permissions](#input\_lambda\_permissions) | (Optional) Map of principal names to Lambda permission config objects. Gives an<br>external source (like an EventBridge Rule, SNS, or S3) permission to access the<br>Lambda function. The principals can be AWS services, like "events.amazonaws.com",<br>or AWS account IDs - any external principal that requires permission to invoke<br>the Lambda function. With "qualifier" you can optionally narrow the permission to<br>just a specific version or function alias. To ensure the permissions granted are<br>not too broad, AWS service principals must be provided with a "source\_arn"; for<br>example, if the principal is EventBridge (events.amazonaws.com), the "source\_arn"<br>would be that of the EventBridge Rule. "principal\_org\_id" can be used to provide<br>permissions to all accounts within an Organization. | <pre>map(<br>  # map keys: principal names ("events.amazonaws.com", account IDs, etc.)<br>  object({<br>    action           = string # e.g., "lambda:InvokeFunction"<br>    statement_id     = optional(string)<br>    qualifier        = optional(string) # option to specify a version or alias<br>    source_account   = optional(string)<br>    source_arn       = optional(string) # Required if principal is an AWS service<br>    principal_org_id = optional(string) # Principal would be the Org root account<br>  })<br>)</pre> | `{}` | no |
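
An illustrative value for `lambda_permissions`, added here as an example and not taken from the module's own code or documentation. The ARNs, account IDs, statement ID, and the `live` alias are constructed placeholders; the assignment goes inside the module block (or a `.tfvars` file) of whatever configuration calls this module.

```hcl
# Added example: all ARNs, account IDs, and names below are constructed placeholders.
lambda_permissions = {
  # AWS service principal: source_arn limits the grant to a single
  # EventBridge Rule instead of every rule that could target the function.
  "events.amazonaws.com" = {
    action       = "lambda:InvokeFunction"
    statement_id = "AllowNightlyRule"
    source_arn   = "arn:aws:events:us-east-1:111122223333:rule/nightly-job"
  }

  # S3 bucket ARNs do not contain an account ID, so source_account is set
  # alongside source_arn to tie the grant to the bucket's owning account.
  "s3.amazonaws.com" = {
    action         = "lambda:InvokeFunction"
    source_arn     = "arn:aws:s3:::example-upload-bucket"
    source_account = "111122223333"
  }

  # AWS account principal: qualifier narrows the permission to one alias
  # rather than the unqualified function.
  "444455556666" = {
    action    = "lambda:InvokeFunction"
    qualifier = "live"
  }
}
```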