feat(client-lambda): Reverting Lambda resource-based policy and block…

… public access APIs.
aws · Sep 26, 2024 · e1ff422 · e1ff422
1 parent 9dfcfe8
commit e1ff422
Show file tree

Hide file tree

Showing 18 changed files with 21 additions and 1,723 deletions.
diff --git a/clients/client-lambda/README.md b/clients/client-lambda/README.md
@@ -403,14 +403,6 @@ DeleteProvisionedConcurrencyConfig
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/lambda/command/DeleteProvisionedConcurrencyConfigCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/DeleteProvisionedConcurrencyConfigCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/DeleteProvisionedConcurrencyConfigCommandOutput/)
 
-</details>
-<details>
-<summary>
-DeleteResourcePolicy
-</summary>
-
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/lambda/command/DeleteResourcePolicyCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/DeleteResourcePolicyCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/DeleteResourcePolicyCommandOutput/)
-
 </details>
 <details>
 <summary>
@@ -539,22 +531,6 @@ GetProvisionedConcurrencyConfig
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/lambda/command/GetProvisionedConcurrencyConfigCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/GetProvisionedConcurrencyConfigCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/GetProvisionedConcurrencyConfigCommandOutput/)
 
-</details>
-<details>
-<summary>
-GetPublicAccessBlockConfig
-</summary>
-
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/lambda/command/GetPublicAccessBlockConfigCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/GetPublicAccessBlockConfigCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/GetPublicAccessBlockConfigCommandOutput/)
-
-</details>
-<details>
-<summary>
-GetResourcePolicy
-</summary>
-
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/lambda/command/GetResourcePolicyCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/GetResourcePolicyCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/GetResourcePolicyCommandOutput/)
-
 </details>
 <details>
 <summary>
@@ -739,22 +715,6 @@ PutProvisionedConcurrencyConfig
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/lambda/command/PutProvisionedConcurrencyConfigCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/PutProvisionedConcurrencyConfigCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/PutProvisionedConcurrencyConfigCommandOutput/)
 
-</details>
-<details>
-<summary>
-PutPublicAccessBlockConfig
-</summary>
-
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/lambda/command/PutPublicAccessBlockConfigCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/PutPublicAccessBlockConfigCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/PutPublicAccessBlockConfigCommandOutput/)
-
-</details>
-<details>
-<summary>
-PutResourcePolicy
-</summary>
-
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/lambda/command/PutResourcePolicyCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/PutResourcePolicyCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-lambda/Interface/PutResourcePolicyCommandOutput/)
-
 </details>
 <details>
 <summary>

diff --git a/clients/client-lambda/src/Lambda.ts b/clients/client-lambda/src/Lambda.ts
@@ -79,11 +79,6 @@ import {
   DeleteProvisionedConcurrencyConfigCommandInput,
   DeleteProvisionedConcurrencyConfigCommandOutput,
 } from "./commands/DeleteProvisionedConcurrencyConfigCommand";
-import {
-  DeleteResourcePolicyCommand,
-  DeleteResourcePolicyCommandInput,
-  DeleteResourcePolicyCommandOutput,
-} from "./commands/DeleteResourcePolicyCommand";
 import {
   GetAccountSettingsCommand,
   GetAccountSettingsCommandInput,
@@ -152,16 +147,6 @@ import {
   GetProvisionedConcurrencyConfigCommandInput,
   GetProvisionedConcurrencyConfigCommandOutput,
 } from "./commands/GetProvisionedConcurrencyConfigCommand";
-import {
-  GetPublicAccessBlockConfigCommand,
-  GetPublicAccessBlockConfigCommandInput,
-  GetPublicAccessBlockConfigCommandOutput,
-} from "./commands/GetPublicAccessBlockConfigCommand";
-import {
-  GetResourcePolicyCommand,
-  GetResourcePolicyCommandInput,
-  GetResourcePolicyCommandOutput,
-} from "./commands/GetResourcePolicyCommand";
 import {
   GetRuntimeManagementConfigCommand,
   GetRuntimeManagementConfigCommandInput,
@@ -257,16 +242,6 @@ import {
   PutProvisionedConcurrencyConfigCommandInput,
   PutProvisionedConcurrencyConfigCommandOutput,
 } from "./commands/PutProvisionedConcurrencyConfigCommand";
-import {
-  PutPublicAccessBlockConfigCommand,
-  PutPublicAccessBlockConfigCommandInput,
-  PutPublicAccessBlockConfigCommandOutput,
-} from "./commands/PutPublicAccessBlockConfigCommand";
-import {
-  PutResourcePolicyCommand,
-  PutResourcePolicyCommandInput,
-  PutResourcePolicyCommandOutput,
-} from "./commands/PutResourcePolicyCommand";
 import {
   PutRuntimeManagementConfigCommand,
   PutRuntimeManagementConfigCommandInput,
@@ -339,7 +314,6 @@ const commands = {
   DeleteFunctionUrlConfigCommand,
   DeleteLayerVersionCommand,
   DeleteProvisionedConcurrencyConfigCommand,
-  DeleteResourcePolicyCommand,
   GetAccountSettingsCommand,
   GetAliasCommand,
   GetCodeSigningConfigCommand,
@@ -356,8 +330,6 @@ const commands = {
   GetLayerVersionPolicyCommand,
   GetPolicyCommand,
   GetProvisionedConcurrencyConfigCommand,
-  GetPublicAccessBlockConfigCommand,
-  GetResourcePolicyCommand,
   GetRuntimeManagementConfigCommand,
   InvokeCommand,
   InvokeAsyncCommand,
@@ -381,8 +353,6 @@ const commands = {
   PutFunctionEventInvokeConfigCommand,
   PutFunctionRecursionConfigCommand,
   PutProvisionedConcurrencyConfigCommand,
-  PutPublicAccessBlockConfigCommand,
-  PutResourcePolicyCommand,
   PutRuntimeManagementConfigCommand,
   RemoveLayerVersionPermissionCommand,
   RemovePermissionCommand,
@@ -663,23 +633,6 @@ export interface Lambda {
     cb: (err: any, data?: DeleteProvisionedConcurrencyConfigCommandOutput) => void
   ): void;
 
-  /**
-   * @see {@link DeleteResourcePolicyCommand}
-   */
-  deleteResourcePolicy(
-    args: DeleteResourcePolicyCommandInput,
-    options?: __HttpHandlerOptions
-  ): Promise<DeleteResourcePolicyCommandOutput>;
-  deleteResourcePolicy(
-    args: DeleteResourcePolicyCommandInput,
-    cb: (err: any, data?: DeleteResourcePolicyCommandOutput) => void
-  ): void;
-  deleteResourcePolicy(
-    args: DeleteResourcePolicyCommandInput,
-    options: __HttpHandlerOptions,
-    cb: (err: any, data?: DeleteResourcePolicyCommandOutput) => void
-  ): void;
-
   /**
    * @see {@link GetAccountSettingsCommand}
    */
@@ -932,40 +885,6 @@ export interface Lambda {
     cb: (err: any, data?: GetProvisionedConcurrencyConfigCommandOutput) => void
   ): void;
 
-  /**
-   * @see {@link GetPublicAccessBlockConfigCommand}
-   */
-  getPublicAccessBlockConfig(
-    args: GetPublicAccessBlockConfigCommandInput,
-    options?: __HttpHandlerOptions
-  ): Promise<GetPublicAccessBlockConfigCommandOutput>;
-  getPublicAccessBlockConfig(
-    args: GetPublicAccessBlockConfigCommandInput,
-    cb: (err: any, data?: GetPublicAccessBlockConfigCommandOutput) => void
-  ): void;
-  getPublicAccessBlockConfig(
-    args: GetPublicAccessBlockConfigCommandInput,
-    options: __HttpHandlerOptions,
-    cb: (err: any, data?: GetPublicAccessBlockConfigCommandOutput) => void
-  ): void;
-
-  /**
-   * @see {@link GetResourcePolicyCommand}
-   */
-  getResourcePolicy(
-    args: GetResourcePolicyCommandInput,
-    options?: __HttpHandlerOptions
-  ): Promise<GetResourcePolicyCommandOutput>;
-  getResourcePolicy(
-    args: GetResourcePolicyCommandInput,
-    cb: (err: any, data?: GetResourcePolicyCommandOutput) => void
-  ): void;
-  getResourcePolicy(
-    args: GetResourcePolicyCommandInput,
-    options: __HttpHandlerOptions,
-    cb: (err: any, data?: GetResourcePolicyCommandOutput) => void
-  ): void;
-
   /**
    * @see {@link GetRuntimeManagementConfigCommand}
    */
@@ -1322,40 +1241,6 @@ export interface Lambda {
     cb: (err: any, data?: PutProvisionedConcurrencyConfigCommandOutput) => void
   ): void;
 
-  /**
-   * @see {@link PutPublicAccessBlockConfigCommand}
-   */
-  putPublicAccessBlockConfig(
-    args: PutPublicAccessBlockConfigCommandInput,
-    options?: __HttpHandlerOptions
-  ): Promise<PutPublicAccessBlockConfigCommandOutput>;
-  putPublicAccessBlockConfig(
-    args: PutPublicAccessBlockConfigCommandInput,
-    cb: (err: any, data?: PutPublicAccessBlockConfigCommandOutput) => void
-  ): void;
-  putPublicAccessBlockConfig(
-    args: PutPublicAccessBlockConfigCommandInput,
-    options: __HttpHandlerOptions,
-    cb: (err: any, data?: PutPublicAccessBlockConfigCommandOutput) => void
-  ): void;
-
-  /**
-   * @see {@link PutResourcePolicyCommand}
-   */
-  putResourcePolicy(
-    args: PutResourcePolicyCommandInput,
-    options?: __HttpHandlerOptions
-  ): Promise<PutResourcePolicyCommandOutput>;
-  putResourcePolicy(
-    args: PutResourcePolicyCommandInput,
-    cb: (err: any, data?: PutResourcePolicyCommandOutput) => void
-  ): void;
-  putResourcePolicy(
-    args: PutResourcePolicyCommandInput,
-    options: __HttpHandlerOptions,
-    cb: (err: any, data?: PutResourcePolicyCommandOutput) => void
-  ): void;
-
   /**
    * @see {@link PutRuntimeManagementConfigCommand}
    */

diff --git a/clients/client-lambda/src/LambdaClient.ts b/clients/client-lambda/src/LambdaClient.ts
@@ -109,10 +109,6 @@ import {
   DeleteProvisionedConcurrencyConfigCommandInput,
   DeleteProvisionedConcurrencyConfigCommandOutput,
 } from "./commands/DeleteProvisionedConcurrencyConfigCommand";
-import {
-  DeleteResourcePolicyCommandInput,
-  DeleteResourcePolicyCommandOutput,
-} from "./commands/DeleteResourcePolicyCommand";
 import { GetAccountSettingsCommandInput, GetAccountSettingsCommandOutput } from "./commands/GetAccountSettingsCommand";
 import { GetAliasCommandInput, GetAliasCommandOutput } from "./commands/GetAliasCommand";
 import {
@@ -162,11 +158,6 @@ import {
   GetProvisionedConcurrencyConfigCommandInput,
   GetProvisionedConcurrencyConfigCommandOutput,
 } from "./commands/GetProvisionedConcurrencyConfigCommand";
-import {
-  GetPublicAccessBlockConfigCommandInput,
-  GetPublicAccessBlockConfigCommandOutput,
-} from "./commands/GetPublicAccessBlockConfigCommand";
-import { GetResourcePolicyCommandInput, GetResourcePolicyCommandOutput } from "./commands/GetResourcePolicyCommand";
 import {
   GetRuntimeManagementConfigCommandInput,
   GetRuntimeManagementConfigCommandOutput,
@@ -235,11 +226,6 @@ import {
   PutProvisionedConcurrencyConfigCommandInput,
   PutProvisionedConcurrencyConfigCommandOutput,
 } from "./commands/PutProvisionedConcurrencyConfigCommand";
-import {
-  PutPublicAccessBlockConfigCommandInput,
-  PutPublicAccessBlockConfigCommandOutput,
-} from "./commands/PutPublicAccessBlockConfigCommand";
-import { PutResourcePolicyCommandInput, PutResourcePolicyCommandOutput } from "./commands/PutResourcePolicyCommand";
 import {
   PutRuntimeManagementConfigCommandInput,
   PutRuntimeManagementConfigCommandOutput,
@@ -305,7 +291,6 @@ export type ServiceInputTypes =
   | DeleteFunctionUrlConfigCommandInput
   | DeleteLayerVersionCommandInput
   | DeleteProvisionedConcurrencyConfigCommandInput
-  | DeleteResourcePolicyCommandInput
   | GetAccountSettingsCommandInput
   | GetAliasCommandInput
   | GetCodeSigningConfigCommandInput
@@ -322,8 +307,6 @@ export type ServiceInputTypes =
   | GetLayerVersionPolicyCommandInput
   | GetPolicyCommandInput
   | GetProvisionedConcurrencyConfigCommandInput
-  | GetPublicAccessBlockConfigCommandInput
-  | GetResourcePolicyCommandInput
   | GetRuntimeManagementConfigCommandInput
   | InvokeAsyncCommandInput
   | InvokeCommandInput
@@ -347,8 +330,6 @@ export type ServiceInputTypes =
   | PutFunctionEventInvokeConfigCommandInput
   | PutFunctionRecursionConfigCommandInput
   | PutProvisionedConcurrencyConfigCommandInput
-  | PutPublicAccessBlockConfigCommandInput
-  | PutResourcePolicyCommandInput
   | PutRuntimeManagementConfigCommandInput
   | RemoveLayerVersionPermissionCommandInput
   | RemovePermissionCommandInput
@@ -383,7 +364,6 @@ export type ServiceOutputTypes =
   | DeleteFunctionUrlConfigCommandOutput
   | DeleteLayerVersionCommandOutput
   | DeleteProvisionedConcurrencyConfigCommandOutput
-  | DeleteResourcePolicyCommandOutput
   | GetAccountSettingsCommandOutput
   | GetAliasCommandOutput
   | GetCodeSigningConfigCommandOutput
@@ -400,8 +380,6 @@ export type ServiceOutputTypes =
   | GetLayerVersionPolicyCommandOutput
   | GetPolicyCommandOutput
   | GetProvisionedConcurrencyConfigCommandOutput
-  | GetPublicAccessBlockConfigCommandOutput
-  | GetResourcePolicyCommandOutput
   | GetRuntimeManagementConfigCommandOutput
   | InvokeAsyncCommandOutput
   | InvokeCommandOutput
@@ -425,8 +403,6 @@ export type ServiceOutputTypes =
   | PutFunctionEventInvokeConfigCommandOutput
   | PutFunctionRecursionConfigCommandOutput
   | PutProvisionedConcurrencyConfigCommandOutput
-  | PutPublicAccessBlockConfigCommandOutput
-  | PutResourcePolicyCommandOutput
   | PutRuntimeManagementConfigCommandOutput
   | RemoveLayerVersionPermissionCommandOutput
   | RemovePermissionCommandOutput

diff --git a/clients/client-lambda/src/commands/AddPermissionCommand.ts b/clients/client-lambda/src/commands/AddPermissionCommand.ts
@@ -35,8 +35,8 @@ export interface AddPermissionCommandOutput extends AddPermissionResponse, __Met
  *       to version $LATEST.</p>
  *          <p>To grant permission to another account, specify the account ID as the <code>Principal</code>. To grant
  *       permission to an organization defined in Organizations, specify the organization ID as the
- *         <code>PrincipalOrgID</code>. For Amazon Web Servicesservices, the principal is a domain-style identifier that
- *       the service defines, such as <code>s3.amazonaws.com</code> or <code>sns.amazonaws.com</code>. For Amazon Web Servicesservices, you can also specify the ARN of the associated resource as the <code>SourceArn</code>. If
+ *         <code>PrincipalOrgID</code>. For Amazon Web Services services, the principal is a domain-style identifier that
+ *       the service defines, such as <code>s3.amazonaws.com</code> or <code>sns.amazonaws.com</code>. For Amazon Web Services services, you can also specify the ARN of the associated resource as the <code>SourceArn</code>. If
  *       you grant permission to a service principal without specifying the source, other accounts could potentially
  *       configure resources in their account to invoke your Lambda function.</p>
  *          <p>This operation adds a statement to a resource-based permissions policy for the function. For more information
@@ -93,11 +93,6 @@ export interface AddPermissionCommandOutput extends AddPermissionResponse, __Met
  *             </li>
  *          </ul>
  *
- * @throws {@link PublicPolicyException} (client fault)
- *  <p>Lambda prevented your policy from being created because it would grant public access to your function. If you intended to
- *       create a public policy, use the <a>PutPublicAccessBlockConfig</a> API action to configure your function's public-access settings
- *       to allow public policies.</p>
- *
  * @throws {@link ResourceConflictException} (client fault)
  *  <p>The resource already exists, or another operation is in progress.</p>
  *

diff --git a/clients/client-lambda/src/commands/CreateFunctionCommand.ts b/clients/client-lambda/src/commands/CreateFunctionCommand.ts
@@ -35,7 +35,7 @@ export interface CreateFunctionCommandOutput extends FunctionConfiguration, __Me
 /**
  * <p>Creates a Lambda function. To create a function, you need a <a href="https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html">deployment package</a> and an <a href="https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html#lambda-intro-execution-role">execution role</a>. The
  *       deployment package is a .zip file archive or container image that contains your function code. The execution role
- *       grants the function permission to use Amazon Web Servicesservices, such as Amazon CloudWatch Logs for log
+ *       grants the function permission to use Amazon Web Services services, such as Amazon CloudWatch Logs for log
  *       streaming and X-Ray for request tracing.</p>
  *          <p>If the deployment package is a <a href="https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html">container
  *         image</a>, then you set the package type to <code>Image</code>. For a container image, the code property
@@ -66,9 +66,9 @@ export interface CreateFunctionCommandOutput extends FunctionConfiguration, __Me
  *         <a>UpdateFunctionCode</a>, Lambda checks that the code package has a valid signature from
  *       a trusted publisher. The code-signing configuration includes set of signing profiles, which define the trusted
  *       publishers for this function.</p>
- *          <p>If another Amazon Web Services account or an Amazon Web Servicesservice invokes your function, use <a>AddPermission</a> to grant permission by creating a resource-based Identity and Access Management (IAM) policy. You can grant permissions at the function level, on a version, or on an alias.</p>
+ *          <p>If another Amazon Web Services account or an Amazon Web Services service invokes your function, use <a>AddPermission</a> to grant permission by creating a resource-based Identity and Access Management (IAM) policy. You can grant permissions at the function level, on a version, or on an alias.</p>
  *          <p>To invoke your function directly, use <a>Invoke</a>. To invoke your function in response to events
- *       in other Amazon Web Servicesservices, create an event source mapping (<a>CreateEventSourceMapping</a>),
+ *       in other Amazon Web Services services, create an event source mapping (<a>CreateEventSourceMapping</a>),
  *       or configure a function trigger in the other service. For more information, see <a href="https://docs.aws.amazon.com/lambda/latest/dg/lambda-invocation.html">Invoking Lambda
  *       functions</a>.</p>
  * @example

diff --git a/clients/client-lambda/src/commands/DeleteFunctionCommand.ts b/clients/client-lambda/src/commands/DeleteFunctionCommand.ts
@@ -31,7 +31,7 @@ export interface DeleteFunctionCommandOutput extends __MetadataBearer {}
  * <p>Deletes a Lambda function. To delete a specific function version, use the <code>Qualifier</code> parameter.
  *       Otherwise, all versions and aliases are deleted. This doesn't require the user to have explicit
  *       permissions for <a>DeleteAlias</a>.</p>
- *          <p>To delete Lambda event source mappings that invoke a function, use <a>DeleteEventSourceMapping</a>. For Amazon Web Servicesservices and resources that invoke your function
+ *          <p>To delete Lambda event source mappings that invoke a function, use <a>DeleteEventSourceMapping</a>. For Amazon Web Services services and resources that invoke your function
  *       directly, delete the trigger in the service where you originally configured it.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.