packages/@aws-cdk/aws-lambda Expand file tree Collapse file tree 2 files changed +40
-0
lines changed Original file line number Diff line number Diff line change @@ -251,6 +251,17 @@ export abstract class FunctionRef extends cdk.Construct
251251 } ;
252252 }
253253
254+ /**
255+ * Grant the given identity permissions to invoke this Lambda
256+ */
257+ public grantInvoke ( identity ?: iam . IPrincipal ) {
258+ if ( identity ) {
259+ identity . addToPolicy ( new iam . PolicyStatement ( )
260+ . addAction ( 'lambda:InvokeFunction' )
261+ . addResource ( this . functionArn ) ) ;
262+ }
263+ }
264+
254265 /**
255266 * Return the given named metric for this Lambda
256267 */
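Review bot: The doc comment on `grantInvoke` does not mention that the call silently does nothing when `identity` is undefined, so a caller who passes an unset principal gets a stack with no invoke permission and no error. I would extend the comment to something like `Adds an identity policy statement allowing lambda:InvokeFunction on this function's ARN; does nothing if no identity is given.` The statement is scoped to `this.functionArn` only, so it presumably does not match version- or alias-qualified ARNs, which is worth stating or confirming. It also attaches only to the principal's own policy, so a principal in another account would likely need a resource-based permission on the function as well. The enclosing class `FunctionRef` starts and ends outside this hunk.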
Original file line number Diff line number Diff line change @@ -1081,6 +1081,35 @@ export = {
10811081 test . done ( ) ;
10821082 } ,
10831083
1084+ 'grantInvoke adds iam:InvokeFunction' ( test : Test ) {
1085+ // GIVEN
1086+ const stack = new cdk . Stack ( ) ;
1087+ const role = new iam . Role ( stack , 'Role' , {
1088+ assumedBy : new iam . AccountPrincipal ( '1234' ) ,
1089+ } ) ;
1090+ const fn = new lambda . Function ( stack , 'Function' , {
1091+ code : lambda . Code . inline ( 'xxx' ) ,
1092+ handler : 'index.handler' ,
1093+ runtime : lambda . Runtime . NodeJS810 ,
1094+ } ) ;
1095+
1096+ // WHEN
1097+ fn . grantInvoke ( role ) ;
1098+
1099+ // THEN
1100+ expect ( stack ) . to ( haveResource ( 'AWS::IAM::Policy' , {
1101+ PolicyDocument : {
1102+ Statement : [
1103+ {
1104+ Action : 'lambda:InvokeFunction' ,
1105+ Resource : { "Fn::GetAtt" : [ "Function76856677" , "Arn" ] }
1106+ }
1107+ ]
1108+ }
1109+ } ) ) ;
1110+
1111+ test . done ( ) ;
1112+ } ,
10841113} ;
10851114
10861115function newTestLambda ( parent : cdk . Construct ) {
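Review bot: The test title says `iam:InvokeFunction`, but the action being granted and asserted is `lambda:InvokeFunction`; rename it to `'grantInvoke adds lambda:InvokeFunction'` so a failure report names the right permission. The expected statement also omits `Effect`, so if `haveResource` matches partially the test would still pass on a statement with the wrong effect; adding `Effect: 'Allow'` pins that. There is no case for `fn.grantInvoke(undefined)`, which is the other branch of the new method; a short test asserting that no `AWS::IAM::Policy` is produced would cover it. The enclosing `export = {` object starts outside this hunk.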