add conditions snippet to README

aws · May 18, 2021 · 02cf427 · 02cf427
1 parent 8ebf049
commit 02cf427
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/packages/@aws-cdk/aws-lambda/README.md b/packages/@aws-cdk/aws-lambda/README.md
@@ -126,6 +126,7 @@ that accesses the function or layer).
 ```ts
 import * as iam from '@aws-cdk/aws-iam';
 const principal = new iam.ServicePrincipal('my-service');
+
 fn.grantInvoke(principal);
 
 // Equivalent to:
@@ -145,6 +146,30 @@ principal in question has conditions limiting the source account or ARN of the
 operation (see above), these conditions will be automatically added to the
 resource policy.
 
+```ts
+import * as iam from '@aws-cdk/aws-iam';
+const servicePrincipal = new iam.ServicePrincipal('my-service');
+const sourceArn = 'arn:aws:s3:::my-bucket';
+const sourceAccount = '111122223333';
+const servicePrincipalWithConditions = servicePrincipal.withConditions({
+  ArnLike: {
+    'aws:SourceArn': sourceArn,
+  },
+  StringEquals: {
+    'aws:SourceAccount': sourceAccount,
+  },
+});
+
+fn.grantInvoke(servicePrincipalWithConditions);
+
+// Equivalent to:
+fn.addPermission('my-service Invocation', {
+  principal: servicePrincipal,
+  sourceArn: sourceArn,
+  sourceAccount: sourceAccount,
+});
+```
+
 ## Versions and Aliases
 
 You can use