Skip to content

Commit

Permalink
feat(aws-lambda): add grantInvoke() method (#962)
Browse files Browse the repository at this point in the history
Add a method that gives invoke permissions on Lambdas.

Fixes #961.
  • Loading branch information
rix0rrr authored Oct 18, 2018
1 parent 5bb7c93 commit 1ee8135
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 0 deletions.
11 changes: 11 additions & 0 deletions packages/@aws-cdk/aws-lambda/lib/lambda-ref.ts
Original file line number Diff line number Diff line change
Expand Up @@ -251,6 +251,17 @@ export abstract class FunctionRef extends cdk.Construct
};
}

/**
* Grant the given identity permissions to invoke this Lambda
*/
public grantInvoke(identity?: iam.IPrincipal) {
if (identity) {
identity.addToPolicy(new iam.PolicyStatement()
.addAction('lambda:InvokeFunction')
.addResource(this.functionArn));
}
}

/**
* Return the given named metric for this Lambda
*/
Expand Down
29 changes: 29 additions & 0 deletions packages/@aws-cdk/aws-lambda/test/test.lambda.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1081,6 +1081,35 @@ export = {
test.done();
},

'grantInvoke adds iam:InvokeFunction'(test: Test) {
// GIVEN
const stack = new cdk.Stack();
const role = new iam.Role(stack, 'Role', {
assumedBy: new iam.AccountPrincipal('1234'),
});
const fn = new lambda.Function(stack, 'Function', {
code: lambda.Code.inline('xxx'),
handler: 'index.handler',
runtime: lambda.Runtime.NodeJS810,
});

// WHEN
fn.grantInvoke(role);

// THEN
expect(stack).to(haveResource('AWS::IAM::Policy', {
PolicyDocument: {
Statement: [
{
Action: 'lambda:InvokeFunction',
Resource: { "Fn::GetAtt": [ "Function76856677", "Arn" ] }
}
]
}
}));

test.done();
},
};

function newTestLambda(parent: cdk.Construct) {
Expand Down

0 comments on commit 1ee8135

Please sign in to comment.