aws-sdk-lambda 1.129.0 → 1.131.0

data/lib/aws-sdk-lambda/errors.rb

@@ -52,6 +52,7 @@ module Aws::Lambda
   # * {PolicyLengthExceededException}
   # * {PreconditionFailedException}
   # * {ProvisionedConcurrencyConfigNotFoundException}
+  # * {PublicPolicyException}
   # * {RecursiveInvocationException}
   # * {RequestTooLargeException}
   # * {ResourceConflictException}
@@ -577,6 +578,26 @@ module Aws::Lambda
       end
     end
 
+    class PublicPolicyException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::Lambda::Types::PublicPolicyException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def type
+        @data[:type]
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
     class RecursiveInvocationException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-lambda/plugins/endpoints.rb

@@ -40,11 +40,20 @@ module Aws::Lambda
           context[:auth_scheme] =
             Aws::Endpoints.resolve_auth_scheme(context, endpoint)
 
-          @handler.call(context)
+          with_metrics(context) { @handler.call(context) }
         end
 
         private
 
+        def with_metrics(context, &block)
+          metrics = []
+          metrics << 'ENDPOINT_OVERRIDE' unless context.config.regional_endpoint
+          if context[:auth_scheme] && context[:auth_scheme]['name'] == 'sigv4a'
+            metrics << 'SIGV4A_SIGNING'
+          end
+          Aws::Plugins::UserAgent.metric(*metrics, &block)
+        end
+
         def apply_endpoint_headers(context, headers)
           headers.each do |key, values|
             value = values
@@ -92,6 +101,8 @@ module Aws::Lambda
             Aws::Lambda::Endpoints::DeleteLayerVersion.build(context)
           when :delete_provisioned_concurrency_config
             Aws::Lambda::Endpoints::DeleteProvisionedConcurrencyConfig.build(context)
+          when :delete_resource_policy
+            Aws::Lambda::Endpoints::DeleteResourcePolicy.build(context)
           when :get_account_settings
             Aws::Lambda::Endpoints::GetAccountSettings.build(context)
           when :get_alias
@@ -124,6 +135,10 @@ module Aws::Lambda
             Aws::Lambda::Endpoints::GetPolicy.build(context)
           when :get_provisioned_concurrency_config
             Aws::Lambda::Endpoints::GetProvisionedConcurrencyConfig.build(context)
+          when :get_public_access_block_config
+            Aws::Lambda::Endpoints::GetPublicAccessBlockConfig.build(context)
+          when :get_resource_policy
+            Aws::Lambda::Endpoints::GetResourcePolicy.build(context)
           when :get_runtime_management_config
             Aws::Lambda::Endpoints::GetRuntimeManagementConfig.build(context)
           when :invoke
@@ -170,6 +185,10 @@ module Aws::Lambda
             Aws::Lambda::Endpoints::PutFunctionRecursionConfig.build(context)
           when :put_provisioned_concurrency_config
             Aws::Lambda::Endpoints::PutProvisionedConcurrencyConfig.build(context)
+          when :put_public_access_block_config
+            Aws::Lambda::Endpoints::PutPublicAccessBlockConfig.build(context)
+          when :put_resource_policy
+            Aws::Lambda::Endpoints::PutResourcePolicy.build(context)
           when :put_runtime_management_config
             Aws::Lambda::Endpoints::PutRuntimeManagementConfig.build(context)
           when :remove_layer_version_permission

data/lib/aws-sdk-lambda/types.rb

@@ -1532,6 +1532,28 @@ module Aws::Lambda
       include Aws::Structure
     end
 
+    # @!attribute [rw] resource_arn
+    #   The Amazon Resource Name (ARN) of the function you want to delete
+    #   the policy from. You can use either a qualified or an unqualified
+    #   ARN, but the value you specify must be a complete ARN and wildcard
+    #   characters are not accepted.
+    #   @return [String]
+    #
+    # @!attribute [rw] revision_id
+    #   Delete the existing policy only if its revision ID matches the
+    #   string you specify. To find the revision ID of the policy currently
+    #   attached to your function, use the GetResourcePolicy action.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/DeleteResourcePolicyRequest AWS API Documentation
+    #
+    class DeleteResourcePolicyRequest < Struct.new(
+      :resource_arn,
+      :revision_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A configuration object that specifies the destination of an event
     # after Lambda processes it.
     #
@@ -3300,6 +3322,63 @@ module Aws::Lambda
       include Aws::Structure
     end
 
+    # @!attribute [rw] resource_arn
+    #   The Amazon Resource Name (ARN) of the function you want to retrieve
+    #   public-access settings for.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/GetPublicAccessBlockConfigRequest AWS API Documentation
+    #
+    class GetPublicAccessBlockConfigRequest < Struct.new(
+      :resource_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] public_access_block_config
+    #   The public-access settings configured for the function you specified
+    #   @return [Types::PublicAccessBlockConfig]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/GetPublicAccessBlockConfigResponse AWS API Documentation
+    #
+    class GetPublicAccessBlockConfigResponse < Struct.new(
+      :public_access_block_config)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] resource_arn
+    #   The Amazon Resource Name (ARN) of the function you want to retrieve
+    #   the policy for. You can use either a qualified or an unqualified
+    #   ARN, but the value you specify must be a complete ARN and wildcard
+    #   characters are not accepted.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/GetResourcePolicyRequest AWS API Documentation
+    #
+    class GetResourcePolicyRequest < Struct.new(
+      :resource_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy
+    #   The resource-based policy attached to the function you specified.
+    #   @return [String]
+    #
+    # @!attribute [rw] revision_id
+    #   The revision ID of the policy.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/GetResourcePolicyResponse AWS API Documentation
+    #
+    class GetResourcePolicyResponse < Struct.new(
+      :policy,
+      :revision_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] function_name
     #   The name or ARN of the Lambda function.
     #
@@ -4951,6 +5030,52 @@ module Aws::Lambda
       include Aws::Structure
     end
 
+    # An object that defines the public-access settings for a function.
+    #
+    # @!attribute [rw] block_public_policy
+    #   To block the creation of resource-based policies that would grant
+    #   public access to your function, set `BlockPublicPolicy` to `true`.
+    #   To allow the creation of resource-based policies that would grant
+    #   public access to your function, set `BlockPublicPolicy` to `false`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] restrict_public_resource
+    #   To block public access to your function, even if its resource-based
+    #   policy allows it, set `RestrictPublicResource` to `true`. To allow
+    #   public access to a function with a resource-based policy that
+    #   permits it, set `RestrictPublicResource` to `false`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PublicAccessBlockConfig AWS API Documentation
+    #
+    class PublicAccessBlockConfig < Struct.new(
+      :block_public_policy,
+      :restrict_public_resource)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Lambda prevented your policy from being created because it would grant
+    # public access to your function. If you intended to create a public
+    # policy, use the PutPublicAccessBlockConfig API action to configure
+    # your function's public-access settings to allow public policies.
+    #
+    # @!attribute [rw] type
+    #   The exception type.
+    #   @return [String]
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PublicPolicyException AWS API Documentation
+    #
+    class PublicPolicyException < Struct.new(
+      :type,
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] layer_name
     #   The name or Amazon Resource Name (ARN) of the layer.
     #   @return [String]
@@ -5435,6 +5560,103 @@ module Aws::Lambda
       include Aws::Structure
     end
 
+    # @!attribute [rw] resource_arn
+    #   The Amazon Resource Name (ARN) of the function you want to configure
+    #   public-access settings for. Public-access settings are applied at
+    #   the function level, so you can't apply different settings to
+    #   function versions or aliases.
+    #   @return [String]
+    #
+    # @!attribute [rw] public_access_block_config
+    #   An object defining the public-access settings you want to apply.
+    #
+    #   To block the creation of resource-based policies that would grant
+    #   public access to your function, set `BlockPublicPolicy` to `true`.
+    #   To allow the creation of resource-based policies that would grant
+    #   public access to your function, set `BlockPublicPolicy` to `false`.
+    #
+    #   To block public access to your function, even if its resource-based
+    #   policy allows it, set `RestrictPublicResource` to `true`. To allow
+    #   public access to a function with a resource-based policy that
+    #   permits it, set `RestrictPublicResource` to `false`.
+    #
+    #   The default setting for both `BlockPublicPolicy` and
+    #   `RestrictPublicResource` is `true`.
+    #   @return [Types::PublicAccessBlockConfig]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PutPublicAccessBlockConfigRequest AWS API Documentation
+    #
+    class PutPublicAccessBlockConfigRequest < Struct.new(
+      :resource_arn,
+      :public_access_block_config)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] public_access_block_config
+    #   The public-access settings Lambda applied to your function.
+    #   @return [Types::PublicAccessBlockConfig]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PutPublicAccessBlockConfigResponse AWS API Documentation
+    #
+    class PutPublicAccessBlockConfigResponse < Struct.new(
+      :public_access_block_config)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] resource_arn
+    #   The Amazon Resource Name (ARN) of the function you want to add the
+    #   policy to. You can use either a qualified or an unqualified ARN, but
+    #   the value you specify must be a complete ARN and wildcard characters
+    #   are not accepted.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy
+    #   The JSON resource-based policy you want to add to your function.
+    #
+    #   To learn more about creating resource-based policies for controlling
+    #   access to Lambda, see [Working with resource-based IAM policies in
+    #   Lambda][1] in the *Lambda Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/
+    #   @return [String]
+    #
+    # @!attribute [rw] revision_id
+    #   Replace the existing policy only if its revision ID matches the
+    #   string you specify. To find the revision ID of the policy currently
+    #   attached to your function, use the GetResourcePolicy action.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PutResourcePolicyRequest AWS API Documentation
+    #
+    class PutResourcePolicyRequest < Struct.new(
+      :resource_arn,
+      :policy,
+      :revision_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy
+    #   The policy Lambda added to your function.
+    #   @return [String]
+    #
+    # @!attribute [rw] revision_id
+    #   The revision ID of the policy Lambda added to your function.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PutResourcePolicyResponse AWS API Documentation
+    #
+    class PutResourcePolicyResponse < Struct.new(
+      :policy,
+      :revision_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] function_name
     #   The name or ARN of the Lambda function.
     #

data/lib/aws-sdk-lambda.rb

@@ -54,6 +54,6 @@ require_relative 'aws-sdk-lambda/event_streams'
 # @!group service
 module Aws::Lambda
 
-  GEM_VERSION = '1.129.0'
+  GEM_VERSION = '1.131.0'
 
 end

data/sig/client.rbs

@@ -471,6 +471,13 @@ module Aws
                                                  ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
                                                | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
 
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Client.html#delete_resource_policy-instance_method
+      def delete_resource_policy: (
+                                    resource_arn: ::String,
+                                    ?revision_id: ::String
+                                  ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
+                                | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
+
       interface _GetAccountSettingsResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::GetAccountSettingsResponse]
         def account_limit: () -> Types::AccountLimit
@@ -745,6 +752,27 @@ module Aws
                                               ) -> _GetProvisionedConcurrencyConfigResponseSuccess
                                             | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetProvisionedConcurrencyConfigResponseSuccess
 
+      interface _GetPublicAccessBlockConfigResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::GetPublicAccessBlockConfigResponse]
+        def public_access_block_config: () -> Types::PublicAccessBlockConfig
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Client.html#get_public_access_block_config-instance_method
+      def get_public_access_block_config: (
+                                            resource_arn: ::String
+                                          ) -> _GetPublicAccessBlockConfigResponseSuccess
+                                        | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetPublicAccessBlockConfigResponseSuccess
+
+      interface _GetResourcePolicyResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::GetResourcePolicyResponse]
+        def policy: () -> ::String
+        def revision_id: () -> ::String
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Client.html#get_resource_policy-instance_method
+      def get_resource_policy: (
+                                 resource_arn: ::String
+                               ) -> _GetResourcePolicyResponseSuccess
+                             | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetResourcePolicyResponseSuccess
+
       interface _GetRuntimeManagementConfigResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::GetRuntimeManagementConfigResponse]
         def update_runtime_on: () -> ("Auto" | "Manual" | "FunctionUpdate")
@@ -1116,6 +1144,33 @@ module Aws
                                               ) -> _PutProvisionedConcurrencyConfigResponseSuccess
                                             | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _PutProvisionedConcurrencyConfigResponseSuccess
 
+      interface _PutPublicAccessBlockConfigResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::PutPublicAccessBlockConfigResponse]
+        def public_access_block_config: () -> Types::PublicAccessBlockConfig
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Client.html#put_public_access_block_config-instance_method
+      def put_public_access_block_config: (
+                                            resource_arn: ::String,
+                                            public_access_block_config: {
+                                              block_public_policy: bool?,
+                                              restrict_public_resource: bool?
+                                            }
+                                          ) -> _PutPublicAccessBlockConfigResponseSuccess
+                                        | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _PutPublicAccessBlockConfigResponseSuccess
+
+      interface _PutResourcePolicyResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::PutResourcePolicyResponse]
+        def policy: () -> ::String
+        def revision_id: () -> ::String
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Client.html#put_resource_policy-instance_method
+      def put_resource_policy: (
+                                 resource_arn: ::String,
+                                 policy: ::String,
+                                 ?revision_id: ::String
+                               ) -> _PutResourcePolicyResponseSuccess
+                             | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _PutResourcePolicyResponseSuccess
+
       interface _PutRuntimeManagementConfigResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::PutRuntimeManagementConfigResponse]
         def update_runtime_on: () -> ("Auto" | "Manual" | "FunctionUpdate")

data/sig/errors.rbs

@@ -112,6 +112,10 @@ module Aws
         def type: () -> ::String
         def message: () -> ::String
       end
+      class PublicPolicyException < ::Aws::Errors::ServiceError
+        def type: () -> ::String
+        def message: () -> ::String
+      end
       class RecursiveInvocationException < ::Aws::Errors::ServiceError
         def type: () -> ::String
         def message: () -> ::String

data/sig/types.rbs

@@ -293,6 +293,12 @@ module Aws::Lambda
       SENSITIVE: []
     end
 
+    class DeleteResourcePolicyRequest
+      attr_accessor resource_arn: ::String
+      attr_accessor revision_id: ::String
+      SENSITIVE: []
+    end
+
     class DestinationConfig
       attr_accessor on_success: Types::OnSuccess
       attr_accessor on_failure: Types::OnFailure
@@ -677,6 +683,27 @@ module Aws::Lambda
       SENSITIVE: []
     end
 
+    class GetPublicAccessBlockConfigRequest
+      attr_accessor resource_arn: ::String
+      SENSITIVE: []
+    end
+
+    class GetPublicAccessBlockConfigResponse
+      attr_accessor public_access_block_config: Types::PublicAccessBlockConfig
+      SENSITIVE: []
+    end
+
+    class GetResourcePolicyRequest
+      attr_accessor resource_arn: ::String
+      SENSITIVE: []
+    end
+
+    class GetResourcePolicyResponse
+      attr_accessor policy: ::String
+      attr_accessor revision_id: ::String
+      SENSITIVE: []
+    end
+
     class GetRuntimeManagementConfigRequest
       attr_accessor function_name: ::String
       attr_accessor qualifier: ::String
@@ -1085,6 +1112,18 @@ module Aws::Lambda
       SENSITIVE: []
     end
 
+    class PublicAccessBlockConfig
+      attr_accessor block_public_policy: bool
+      attr_accessor restrict_public_resource: bool
+      SENSITIVE: []
+    end
+
+    class PublicPolicyException
+      attr_accessor type: ::String
+      attr_accessor message: ::String
+      SENSITIVE: []
+    end
+
     class PublishLayerVersionRequest
       attr_accessor layer_name: ::String
       attr_accessor description: ::String
@@ -1171,6 +1210,30 @@ module Aws::Lambda
       SENSITIVE: []
     end
 
+    class PutPublicAccessBlockConfigRequest
+      attr_accessor resource_arn: ::String
+      attr_accessor public_access_block_config: Types::PublicAccessBlockConfig
+      SENSITIVE: []
+    end
+
+    class PutPublicAccessBlockConfigResponse
+      attr_accessor public_access_block_config: Types::PublicAccessBlockConfig
+      SENSITIVE: []
+    end
+
+    class PutResourcePolicyRequest
+      attr_accessor resource_arn: ::String
+      attr_accessor policy: ::String
+      attr_accessor revision_id: ::String
+      SENSITIVE: []
+    end
+
+    class PutResourcePolicyResponse
+      attr_accessor policy: ::String
+      attr_accessor revision_id: ::String
+      SENSITIVE: []
+    end
+
     class PutRuntimeManagementConfigRequest
       attr_accessor function_name: ::String
       attr_accessor qualifier: ::String

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-lambda
 version: !ruby/object:Gem::Version
-  version: 1.129.0
+  version: 1.131.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-10 00:00:00.000000000 Z
+date: 2024-09-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.203.0
+        version: 3.205.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.203.0
+        version: 3.205.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement