aws-sdk-lambda 1.130.0 → 1.131.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6b6532d3a0809bd7c331370083e0d9306810545a02d23ac6df1c6a715fe35c58
-  data.tar.gz: 42a60f2ca275d0cd28f66cd4c3c756f4e577c198e4c5acdfbe3c118c805a20b6
+  metadata.gz: 2325a1f7266afce8abd7e4f97535445bc1beb806ff93f82b816a21df828dffe7
+  data.tar.gz: '0950c000fd8da2c6d68c1b71fc84fe95e8b5e0ead0691a1fb1993b4950061ab5'
 SHA512:
-  metadata.gz: 899518828729c19ef95dad21a49986ae0c6eafc06745aa86e698db1eb43bc686e1dd7dd9ae8a6a30cd4e18fa7f86bb444898902d749403c4fce935335ceb1c2c
-  data.tar.gz: b7c82a6c61ec5ce002d4996dfaf2a238d6d7196e98e1212109268efdc83be464cdb3d5bf8891c9944b25d0481644c7d135cbaa4fcd4a08a46321859a66d3bf80
+  metadata.gz: ae8584979cc1cc80a0f21684986f24aec353fd2422eef0e35af2772d91aa5e28dfb69bcc21eeaf057442b2672148b85d301a7b77cb4e77169e766d26dc230cf6
+  data.tar.gz: aaaa56afad2d37595c44f10cd6d9aeaab0a3b20f25473b9ea830ac412ab7dffdc30d62bc01e8257b46fd67f14b424cbc6e89631c4144767502f203ff4ead2884

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.131.0 (2024-09-17)
+------------------
+
+* Feature - Support for JSON resource-based policies and block public access
+
 1.130.0 (2024-09-11)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.130.0
+1.131.0

data/lib/aws-sdk-lambda/client.rb

@@ -2192,6 +2192,41 @@ module Aws::Lambda
       req.send_request(options)
     end
 
+    # Deletes a [resource-based policy][1] from a function.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html
+    #
+    # @option params [required, String] :resource_arn
+    #   The Amazon Resource Name (ARN) of the function you want to delete the
+    #   policy from. You can use either a qualified or an unqualified ARN, but
+    #   the value you specify must be a complete ARN and wildcard characters
+    #   are not accepted.
+    #
+    # @option params [String] :revision_id
+    #   Delete the existing policy only if its revision ID matches the string
+    #   you specify. To find the revision ID of the policy currently attached
+    #   to your function, use the GetResourcePolicy action.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_resource_policy({
+    #     resource_arn: "PolicyResourceArn", # required
+    #     revision_id: "RevisionId",
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/DeleteResourcePolicy AWS API Documentation
+    #
+    # @overload delete_resource_policy(params = {})
+    # @param [Hash] params ({})
+    def delete_resource_policy(params = {}, options = {})
+      req = build_request(:delete_resource_policy, params)
+      req.send_request(options)
+    end
+
     # Retrieves details about your account's [limits][1] and usage in an
     # Amazon Web Services Region.
     #
@@ -3198,6 +3233,73 @@ module Aws::Lambda
       req.send_request(options)
     end
 
+    # Retrieve the public-access settings for a function.
+    #
+    # @option params [required, String] :resource_arn
+    #   The Amazon Resource Name (ARN) of the function you want to retrieve
+    #   public-access settings for.
+    #
+    # @return [Types::GetPublicAccessBlockConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetPublicAccessBlockConfigResponse#public_access_block_config #public_access_block_config} => Types::PublicAccessBlockConfig
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_public_access_block_config({
+    #     resource_arn: "PublicAccessBlockResourceArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.public_access_block_config.block_public_policy #=> Boolean
+    #   resp.public_access_block_config.restrict_public_resource #=> Boolean
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/GetPublicAccessBlockConfig AWS API Documentation
+    #
+    # @overload get_public_access_block_config(params = {})
+    # @param [Hash] params ({})
+    def get_public_access_block_config(params = {}, options = {})
+      req = build_request(:get_public_access_block_config, params)
+      req.send_request(options)
+    end
+
+    # Retrieves the [resource-based policy][1] attached to a function.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html
+    #
+    # @option params [required, String] :resource_arn
+    #   The Amazon Resource Name (ARN) of the function you want to retrieve
+    #   the policy for. You can use either a qualified or an unqualified ARN,
+    #   but the value you specify must be a complete ARN and wildcard
+    #   characters are not accepted.
+    #
+    # @return [Types::GetResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetResourcePolicyResponse#policy #policy} => String
+    #   * {Types::GetResourcePolicyResponse#revision_id #revision_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_resource_policy({
+    #     resource_arn: "PolicyResourceArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.policy #=> String
+    #   resp.revision_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/GetResourcePolicy AWS API Documentation
+    #
+    # @overload get_resource_policy(params = {})
+    # @param [Hash] params ({})
+    def get_resource_policy(params = {}, options = {})
+      req = build_request(:get_resource_policy, params)
+      req.send_request(options)
+    end
+
     # Retrieves the runtime management configuration for a function's
     # version. If the runtime update mode is **Manual**, this includes the
     # ARN of the runtime version and the runtime update mode. If the runtime
@@ -5235,6 +5337,135 @@ module Aws::Lambda
       req.send_request(options)
     end
 
+    # Configure your function's public-access settings.
+    #
+    # To control public access to a Lambda function, you can choose whether
+    # to allow the creation of [resource-based policies][1] that allow
+    # public access to that function. You can also block public access to a
+    # function, even if it has an existing resource-based policy that allows
+    # it.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html
+    #
+    # @option params [required, String] :resource_arn
+    #   The Amazon Resource Name (ARN) of the function you want to configure
+    #   public-access settings for. Public-access settings are applied at the
+    #   function level, so you can't apply different settings to function
+    #   versions or aliases.
+    #
+    # @option params [required, Types::PublicAccessBlockConfig] :public_access_block_config
+    #   An object defining the public-access settings you want to apply.
+    #
+    #   To block the creation of resource-based policies that would grant
+    #   public access to your function, set `BlockPublicPolicy` to `true`. To
+    #   allow the creation of resource-based policies that would grant public
+    #   access to your function, set `BlockPublicPolicy` to `false`.
+    #
+    #   To block public access to your function, even if its resource-based
+    #   policy allows it, set `RestrictPublicResource` to `true`. To allow
+    #   public access to a function with a resource-based policy that permits
+    #   it, set `RestrictPublicResource` to `false`.
+    #
+    #   The default setting for both `BlockPublicPolicy` and
+    #   `RestrictPublicResource` is `true`.
+    #
+    # @return [Types::PutPublicAccessBlockConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutPublicAccessBlockConfigResponse#public_access_block_config #public_access_block_config} => Types::PublicAccessBlockConfig
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_public_access_block_config({
+    #     resource_arn: "PublicAccessBlockResourceArn", # required
+    #     public_access_block_config: { # required
+    #       block_public_policy: false,
+    #       restrict_public_resource: false,
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.public_access_block_config.block_public_policy #=> Boolean
+    #   resp.public_access_block_config.restrict_public_resource #=> Boolean
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PutPublicAccessBlockConfig AWS API Documentation
+    #
+    # @overload put_public_access_block_config(params = {})
+    # @param [Hash] params ({})
+    def put_public_access_block_config(params = {}, options = {})
+      req = build_request(:put_public_access_block_config, params)
+      req.send_request(options)
+    end
+
+    # Adds a [resource-based policy][1] to a function. You can use
+    # resource-based policies to grant access to other [Amazon Web Services
+    # accounts][2], [organizations][3], or [services][4]. Resource-based
+    # policies apply to a single function, version, or alias.
+    #
+    # Adding a resource-based policy using this API action replaces any
+    # existing policy you've previously created. This means that if you've
+    # previously added resource-based permissions to a function using the
+    # AddPermission action, those permissions will be overwritten by your
+    # new policy.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html
+    # [2]: https://docs.aws.amazon.com/lambda/latest/dg/permissions-function-cross-account.html
+    # [3]: https://docs.aws.amazon.com/lambda/latest/dg/permissions-function-organization.html
+    # [4]: https://docs.aws.amazon.com/lambda/latest/dg/permissions-function-services.html
+    #
+    # @option params [required, String] :resource_arn
+    #   The Amazon Resource Name (ARN) of the function you want to add the
+    #   policy to. You can use either a qualified or an unqualified ARN, but
+    #   the value you specify must be a complete ARN and wildcard characters
+    #   are not accepted.
+    #
+    # @option params [required, String] :policy
+    #   The JSON resource-based policy you want to add to your function.
+    #
+    #   To learn more about creating resource-based policies for controlling
+    #   access to Lambda, see [Working with resource-based IAM policies in
+    #   Lambda][1] in the *Lambda Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/
+    #
+    # @option params [String] :revision_id
+    #   Replace the existing policy only if its revision ID matches the string
+    #   you specify. To find the revision ID of the policy currently attached
+    #   to your function, use the GetResourcePolicy action.
+    #
+    # @return [Types::PutResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutResourcePolicyResponse#policy #policy} => String
+    #   * {Types::PutResourcePolicyResponse#revision_id #revision_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_resource_policy({
+    #     resource_arn: "PolicyResourceArn", # required
+    #     policy: "ResourcePolicy", # required
+    #     revision_id: "RevisionId",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.policy #=> String
+    #   resp.revision_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PutResourcePolicy AWS API Documentation
+    #
+    # @overload put_resource_policy(params = {})
+    # @param [Hash] params ({})
+    def put_resource_policy(params = {}, options = {})
+      req = build_request(:put_resource_policy, params)
+      req.send_request(options)
+    end
+
     # Sets the runtime management configuration for a function's version.
     # For more information, see [Runtime updates][1].
     #
@@ -6755,7 +6986,7 @@ module Aws::Lambda
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-lambda'
-      context[:gem_version] = '1.130.0'
+      context[:gem_version] = '1.131.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-lambda/client_api.rb

@@ -75,6 +75,7 @@ module Aws::Lambda
     DeleteFunctionUrlConfigRequest = Shapes::StructureShape.new(name: 'DeleteFunctionUrlConfigRequest')
     DeleteLayerVersionRequest = Shapes::StructureShape.new(name: 'DeleteLayerVersionRequest')
     DeleteProvisionedConcurrencyConfigRequest = Shapes::StructureShape.new(name: 'DeleteProvisionedConcurrencyConfigRequest')
+    DeleteResourcePolicyRequest = Shapes::StructureShape.new(name: 'DeleteResourcePolicyRequest')
     Description = Shapes::StringShape.new(name: 'Description')
     DestinationArn = Shapes::StringShape.new(name: 'DestinationArn')
     DestinationConfig = Shapes::StructureShape.new(name: 'DestinationConfig')
@@ -158,6 +159,10 @@ module Aws::Lambda
     GetPolicyResponse = Shapes::StructureShape.new(name: 'GetPolicyResponse')
     GetProvisionedConcurrencyConfigRequest = Shapes::StructureShape.new(name: 'GetProvisionedConcurrencyConfigRequest')
     GetProvisionedConcurrencyConfigResponse = Shapes::StructureShape.new(name: 'GetProvisionedConcurrencyConfigResponse')
+    GetPublicAccessBlockConfigRequest = Shapes::StructureShape.new(name: 'GetPublicAccessBlockConfigRequest')
+    GetPublicAccessBlockConfigResponse = Shapes::StructureShape.new(name: 'GetPublicAccessBlockConfigResponse')
+    GetResourcePolicyRequest = Shapes::StructureShape.new(name: 'GetResourcePolicyRequest')
+    GetResourcePolicyResponse = Shapes::StructureShape.new(name: 'GetResourcePolicyResponse')
     GetRuntimeManagementConfigRequest = Shapes::StructureShape.new(name: 'GetRuntimeManagementConfigRequest')
     GetRuntimeManagementConfigResponse = Shapes::StructureShape.new(name: 'GetRuntimeManagementConfigResponse')
     Handler = Shapes::StringShape.new(name: 'Handler')
@@ -268,6 +273,7 @@ module Aws::Lambda
     ParallelizationFactor = Shapes::IntegerShape.new(name: 'ParallelizationFactor')
     Pattern = Shapes::StringShape.new(name: 'Pattern')
     PolicyLengthExceededException = Shapes::StructureShape.new(name: 'PolicyLengthExceededException')
+    PolicyResourceArn = Shapes::StringShape.new(name: 'PolicyResourceArn')
     PositiveInteger = Shapes::IntegerShape.new(name: 'PositiveInteger')
     PreconditionFailedException = Shapes::StructureShape.new(name: 'PreconditionFailedException')
     Principal = Shapes::StringShape.new(name: 'Principal')
@@ -276,6 +282,9 @@ module Aws::Lambda
     ProvisionedConcurrencyConfigListItem = Shapes::StructureShape.new(name: 'ProvisionedConcurrencyConfigListItem')
     ProvisionedConcurrencyConfigNotFoundException = Shapes::StructureShape.new(name: 'ProvisionedConcurrencyConfigNotFoundException')
     ProvisionedConcurrencyStatusEnum = Shapes::StringShape.new(name: 'ProvisionedConcurrencyStatusEnum')
+    PublicAccessBlockConfig = Shapes::StructureShape.new(name: 'PublicAccessBlockConfig')
+    PublicAccessBlockResourceArn = Shapes::StringShape.new(name: 'PublicAccessBlockResourceArn')
+    PublicPolicyException = Shapes::StructureShape.new(name: 'PublicPolicyException')
     PublishLayerVersionRequest = Shapes::StructureShape.new(name: 'PublishLayerVersionRequest')
     PublishLayerVersionResponse = Shapes::StructureShape.new(name: 'PublishLayerVersionResponse')
     PublishVersionRequest = Shapes::StructureShape.new(name: 'PublishVersionRequest')
@@ -287,6 +296,10 @@ module Aws::Lambda
     PutFunctionRecursionConfigResponse = Shapes::StructureShape.new(name: 'PutFunctionRecursionConfigResponse')
     PutProvisionedConcurrencyConfigRequest = Shapes::StructureShape.new(name: 'PutProvisionedConcurrencyConfigRequest')
     PutProvisionedConcurrencyConfigResponse = Shapes::StructureShape.new(name: 'PutProvisionedConcurrencyConfigResponse')
+    PutPublicAccessBlockConfigRequest = Shapes::StructureShape.new(name: 'PutPublicAccessBlockConfigRequest')
+    PutPublicAccessBlockConfigResponse = Shapes::StructureShape.new(name: 'PutPublicAccessBlockConfigResponse')
+    PutResourcePolicyRequest = Shapes::StructureShape.new(name: 'PutResourcePolicyRequest')
+    PutResourcePolicyResponse = Shapes::StructureShape.new(name: 'PutResourcePolicyResponse')
     PutRuntimeManagementConfigRequest = Shapes::StructureShape.new(name: 'PutRuntimeManagementConfigRequest')
     PutRuntimeManagementConfigResponse = Shapes::StructureShape.new(name: 'PutRuntimeManagementConfigResponse')
     Qualifier = Shapes::StringShape.new(name: 'Qualifier')
@@ -303,7 +316,9 @@ module Aws::Lambda
     ResourceInUseException = Shapes::StructureShape.new(name: 'ResourceInUseException')
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
     ResourceNotReadyException = Shapes::StructureShape.new(name: 'ResourceNotReadyException')
+    ResourcePolicy = Shapes::StringShape.new(name: 'ResourcePolicy')
     ResponseStreamingInvocationType = Shapes::StringShape.new(name: 'ResponseStreamingInvocationType')
+    RevisionId = Shapes::StringShape.new(name: 'RevisionId')
     RoleArn = Shapes::StringShape.new(name: 'RoleArn')
     Runtime = Shapes::StringShape.new(name: 'Runtime')
     RuntimeVersionArn = Shapes::StringShape.new(name: 'RuntimeVersionArn')
@@ -609,6 +624,10 @@ module Aws::Lambda
     DeleteProvisionedConcurrencyConfigRequest.add_member(:qualifier, Shapes::ShapeRef.new(shape: Qualifier, required: true, location: "querystring", location_name: "Qualifier"))
     DeleteProvisionedConcurrencyConfigRequest.struct_class = Types::DeleteProvisionedConcurrencyConfigRequest
 
+    DeleteResourcePolicyRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: PolicyResourceArn, required: true, location: "uri", location_name: "ResourceArn"))
+    DeleteResourcePolicyRequest.add_member(:revision_id, Shapes::ShapeRef.new(shape: RevisionId, location: "querystring", location_name: "RevisionId"))
+    DeleteResourcePolicyRequest.struct_class = Types::DeleteResourcePolicyRequest
+
     DestinationConfig.add_member(:on_success, Shapes::ShapeRef.new(shape: OnSuccess, location_name: "OnSuccess"))
     DestinationConfig.add_member(:on_failure, Shapes::ShapeRef.new(shape: OnFailure, location_name: "OnFailure"))
     DestinationConfig.struct_class = Types::DestinationConfig
@@ -916,6 +935,19 @@ module Aws::Lambda
     GetProvisionedConcurrencyConfigResponse.add_member(:last_modified, Shapes::ShapeRef.new(shape: Timestamp, location_name: "LastModified"))
     GetProvisionedConcurrencyConfigResponse.struct_class = Types::GetProvisionedConcurrencyConfigResponse
 
+    GetPublicAccessBlockConfigRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: PublicAccessBlockResourceArn, required: true, location: "uri", location_name: "ResourceArn"))
+    GetPublicAccessBlockConfigRequest.struct_class = Types::GetPublicAccessBlockConfigRequest
+
+    GetPublicAccessBlockConfigResponse.add_member(:public_access_block_config, Shapes::ShapeRef.new(shape: PublicAccessBlockConfig, location_name: "PublicAccessBlockConfig"))
+    GetPublicAccessBlockConfigResponse.struct_class = Types::GetPublicAccessBlockConfigResponse
+
+    GetResourcePolicyRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: PolicyResourceArn, required: true, location: "uri", location_name: "ResourceArn"))
+    GetResourcePolicyRequest.struct_class = Types::GetResourcePolicyRequest
+
+    GetResourcePolicyResponse.add_member(:policy, Shapes::ShapeRef.new(shape: ResourcePolicy, location_name: "Policy"))
+    GetResourcePolicyResponse.add_member(:revision_id, Shapes::ShapeRef.new(shape: RevisionId, location_name: "RevisionId"))
+    GetResourcePolicyResponse.struct_class = Types::GetResourcePolicyResponse
+
     GetRuntimeManagementConfigRequest.add_member(:function_name, Shapes::ShapeRef.new(shape: NamespacedFunctionName, required: true, location: "uri", location_name: "FunctionName"))
     GetRuntimeManagementConfigRequest.add_member(:qualifier, Shapes::ShapeRef.new(shape: Qualifier, location: "querystring", location_name: "Qualifier"))
     GetRuntimeManagementConfigRequest.struct_class = Types::GetRuntimeManagementConfigRequest
@@ -1228,6 +1260,14 @@ module Aws::Lambda
     ProvisionedConcurrencyConfigNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
     ProvisionedConcurrencyConfigNotFoundException.struct_class = Types::ProvisionedConcurrencyConfigNotFoundException
 
+    PublicAccessBlockConfig.add_member(:block_public_policy, Shapes::ShapeRef.new(shape: NullableBoolean, location_name: "BlockPublicPolicy"))
+    PublicAccessBlockConfig.add_member(:restrict_public_resource, Shapes::ShapeRef.new(shape: NullableBoolean, location_name: "RestrictPublicResource"))
+    PublicAccessBlockConfig.struct_class = Types::PublicAccessBlockConfig
+
+    PublicPolicyException.add_member(:type, Shapes::ShapeRef.new(shape: String, location_name: "Type"))
+    PublicPolicyException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "Message"))
+    PublicPolicyException.struct_class = Types::PublicPolicyException
+
     PublishLayerVersionRequest.add_member(:layer_name, Shapes::ShapeRef.new(shape: LayerName, required: true, location: "uri", location_name: "LayerName"))
     PublishLayerVersionRequest.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
     PublishLayerVersionRequest.add_member(:content, Shapes::ShapeRef.new(shape: LayerVersionContentInput, required: true, location_name: "Content"))
@@ -1292,6 +1332,22 @@ module Aws::Lambda
     PutProvisionedConcurrencyConfigResponse.add_member(:last_modified, Shapes::ShapeRef.new(shape: Timestamp, location_name: "LastModified"))
     PutProvisionedConcurrencyConfigResponse.struct_class = Types::PutProvisionedConcurrencyConfigResponse
 
+    PutPublicAccessBlockConfigRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: PublicAccessBlockResourceArn, required: true, location: "uri", location_name: "ResourceArn"))
+    PutPublicAccessBlockConfigRequest.add_member(:public_access_block_config, Shapes::ShapeRef.new(shape: PublicAccessBlockConfig, required: true, location_name: "PublicAccessBlockConfig"))
+    PutPublicAccessBlockConfigRequest.struct_class = Types::PutPublicAccessBlockConfigRequest
+
+    PutPublicAccessBlockConfigResponse.add_member(:public_access_block_config, Shapes::ShapeRef.new(shape: PublicAccessBlockConfig, location_name: "PublicAccessBlockConfig"))
+    PutPublicAccessBlockConfigResponse.struct_class = Types::PutPublicAccessBlockConfigResponse
+
+    PutResourcePolicyRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: PolicyResourceArn, required: true, location: "uri", location_name: "ResourceArn"))
+    PutResourcePolicyRequest.add_member(:policy, Shapes::ShapeRef.new(shape: ResourcePolicy, required: true, location_name: "Policy"))
+    PutResourcePolicyRequest.add_member(:revision_id, Shapes::ShapeRef.new(shape: RevisionId, location_name: "RevisionId"))
+    PutResourcePolicyRequest.struct_class = Types::PutResourcePolicyRequest
+
+    PutResourcePolicyResponse.add_member(:policy, Shapes::ShapeRef.new(shape: ResourcePolicy, location_name: "Policy"))
+    PutResourcePolicyResponse.add_member(:revision_id, Shapes::ShapeRef.new(shape: RevisionId, location_name: "RevisionId"))
+    PutResourcePolicyResponse.struct_class = Types::PutResourcePolicyResponse
+
     PutRuntimeManagementConfigRequest.add_member(:function_name, Shapes::ShapeRef.new(shape: FunctionName, required: true, location: "uri", location_name: "FunctionName"))
     PutRuntimeManagementConfigRequest.add_member(:qualifier, Shapes::ShapeRef.new(shape: Qualifier, location: "querystring", location_name: "Qualifier"))
     PutRuntimeManagementConfigRequest.add_member(:update_runtime_on, Shapes::ShapeRef.new(shape: UpdateRuntimeOn, required: true, location_name: "UpdateRuntimeOn"))
@@ -1773,6 +1829,20 @@ module Aws::Lambda
         o.errors << Shapes::ShapeRef.new(shape: ServiceException)
       end)
 
+      api.add_operation(:delete_resource_policy, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DeleteResourcePolicy"
+        o.http_method = "DELETE"
+        o.http_request_uri = "/2024-09-16/resource-policy/{ResourceArn}"
+        o.input = Shapes::ShapeRef.new(shape: DeleteResourcePolicyRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: ServiceException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceConflictException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterValueException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+        o.errors << Shapes::ShapeRef.new(shape: PreconditionFailedException)
+      end)
+
       api.add_operation(:get_account_settings, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetAccountSettings"
         o.http_method = "GET"
@@ -1963,6 +2033,30 @@ module Aws::Lambda
         o.errors << Shapes::ShapeRef.new(shape: ProvisionedConcurrencyConfigNotFoundException)
       end)
 
+      api.add_operation(:get_public_access_block_config, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetPublicAccessBlockConfig"
+        o.http_method = "GET"
+        o.http_request_uri = "/2024-09-16/public-access-block/{ResourceArn}"
+        o.input = Shapes::ShapeRef.new(shape: GetPublicAccessBlockConfigRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetPublicAccessBlockConfigResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterValueException)
+      end)
+
+      api.add_operation(:get_resource_policy, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetResourcePolicy"
+        o.http_method = "GET"
+        o.http_request_uri = "/2024-09-16/resource-policy/{ResourceArn}"
+        o.input = Shapes::ShapeRef.new(shape: GetResourcePolicyRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetResourcePolicyResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterValueException)
+      end)
+
       api.add_operation(:get_runtime_management_config, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetRuntimeManagementConfig"
         o.http_method = "GET"
@@ -2364,6 +2458,35 @@ module Aws::Lambda
         o.errors << Shapes::ShapeRef.new(shape: ServiceException)
       end)
 
+      api.add_operation(:put_public_access_block_config, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutPublicAccessBlockConfig"
+        o.http_method = "PUT"
+        o.http_request_uri = "/2024-09-16/public-access-block/{ResourceArn}"
+        o.input = Shapes::ShapeRef.new(shape: PutPublicAccessBlockConfigRequest)
+        o.output = Shapes::ShapeRef.new(shape: PutPublicAccessBlockConfigResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceConflictException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterValueException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+      end)
+
+      api.add_operation(:put_resource_policy, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutResourcePolicy"
+        o.http_method = "PUT"
+        o.http_request_uri = "/2024-09-16/resource-policy/{ResourceArn}"
+        o.input = Shapes::ShapeRef.new(shape: PutResourcePolicyRequest)
+        o.output = Shapes::ShapeRef.new(shape: PutResourcePolicyResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceConflictException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterValueException)
+        o.errors << Shapes::ShapeRef.new(shape: PolicyLengthExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+        o.errors << Shapes::ShapeRef.new(shape: PreconditionFailedException)
+        o.errors << Shapes::ShapeRef.new(shape: PublicPolicyException)
+      end)
+
       api.add_operation(:put_runtime_management_config, Seahorse::Model::Operation.new.tap do |o|
         o.name = "PutRuntimeManagementConfig"
         o.http_method = "PUT"

data/lib/aws-sdk-lambda/endpoints.rb

@@ -199,6 +199,17 @@ module Aws::Lambda
       end
     end
 
+    class DeleteResourcePolicy
+      def self.build(context)
+        Aws::Lambda::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
+        )
+      end
+    end
+
     class GetAccountSettings
       def self.build(context)
         Aws::Lambda::EndpointParameters.new(
@@ -375,6 +386,28 @@ module Aws::Lambda
       end
     end
 
+    class GetPublicAccessBlockConfig
+      def self.build(context)
+        Aws::Lambda::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
+        )
+      end
+    end
+
+    class GetResourcePolicy
+      def self.build(context)
+        Aws::Lambda::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
+        )
+      end
+    end
+
     class GetRuntimeManagementConfig
       def self.build(context)
         Aws::Lambda::EndpointParameters.new(
@@ -628,6 +661,28 @@ module Aws::Lambda
       end
     end
 
+    class PutPublicAccessBlockConfig
+      def self.build(context)
+        Aws::Lambda::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
+        )
+      end
+    end
+
+    class PutResourcePolicy
+      def self.build(context)
+        Aws::Lambda::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
+        )
+      end
+    end
+
     class PutRuntimeManagementConfig
       def self.build(context)
         Aws::Lambda::EndpointParameters.new(

data/lib/aws-sdk-lambda/errors.rb

@@ -52,6 +52,7 @@ module Aws::Lambda
   # * {PolicyLengthExceededException}
   # * {PreconditionFailedException}
   # * {ProvisionedConcurrencyConfigNotFoundException}
+  # * {PublicPolicyException}
   # * {RecursiveInvocationException}
   # * {RequestTooLargeException}
   # * {ResourceConflictException}
@@ -577,6 +578,26 @@ module Aws::Lambda
       end
     end
 
+    class PublicPolicyException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::Lambda::Types::PublicPolicyException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def type
+        @data[:type]
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
     class RecursiveInvocationException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-lambda/plugins/endpoints.rb

@@ -101,6 +101,8 @@ module Aws::Lambda
             Aws::Lambda::Endpoints::DeleteLayerVersion.build(context)
           when :delete_provisioned_concurrency_config
             Aws::Lambda::Endpoints::DeleteProvisionedConcurrencyConfig.build(context)
+          when :delete_resource_policy
+            Aws::Lambda::Endpoints::DeleteResourcePolicy.build(context)
           when :get_account_settings
             Aws::Lambda::Endpoints::GetAccountSettings.build(context)
           when :get_alias
@@ -133,6 +135,10 @@ module Aws::Lambda
             Aws::Lambda::Endpoints::GetPolicy.build(context)
           when :get_provisioned_concurrency_config
             Aws::Lambda::Endpoints::GetProvisionedConcurrencyConfig.build(context)
+          when :get_public_access_block_config
+            Aws::Lambda::Endpoints::GetPublicAccessBlockConfig.build(context)
+          when :get_resource_policy
+            Aws::Lambda::Endpoints::GetResourcePolicy.build(context)
           when :get_runtime_management_config
             Aws::Lambda::Endpoints::GetRuntimeManagementConfig.build(context)
           when :invoke
@@ -179,6 +185,10 @@ module Aws::Lambda
             Aws::Lambda::Endpoints::PutFunctionRecursionConfig.build(context)
           when :put_provisioned_concurrency_config
             Aws::Lambda::Endpoints::PutProvisionedConcurrencyConfig.build(context)
+          when :put_public_access_block_config
+            Aws::Lambda::Endpoints::PutPublicAccessBlockConfig.build(context)
+          when :put_resource_policy
+            Aws::Lambda::Endpoints::PutResourcePolicy.build(context)
           when :put_runtime_management_config
             Aws::Lambda::Endpoints::PutRuntimeManagementConfig.build(context)
           when :remove_layer_version_permission

data/lib/aws-sdk-lambda/types.rb

@@ -1532,6 +1532,28 @@ module Aws::Lambda
       include Aws::Structure
     end
 
+    # @!attribute [rw] resource_arn
+    #   The Amazon Resource Name (ARN) of the function you want to delete
+    #   the policy from. You can use either a qualified or an unqualified
+    #   ARN, but the value you specify must be a complete ARN and wildcard
+    #   characters are not accepted.
+    #   @return [String]
+    #
+    # @!attribute [rw] revision_id
+    #   Delete the existing policy only if its revision ID matches the
+    #   string you specify. To find the revision ID of the policy currently
+    #   attached to your function, use the GetResourcePolicy action.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/DeleteResourcePolicyRequest AWS API Documentation
+    #
+    class DeleteResourcePolicyRequest < Struct.new(
+      :resource_arn,
+      :revision_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A configuration object that specifies the destination of an event
     # after Lambda processes it.
     #
@@ -3300,6 +3322,63 @@ module Aws::Lambda
       include Aws::Structure
     end
 
+    # @!attribute [rw] resource_arn
+    #   The Amazon Resource Name (ARN) of the function you want to retrieve
+    #   public-access settings for.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/GetPublicAccessBlockConfigRequest AWS API Documentation
+    #
+    class GetPublicAccessBlockConfigRequest < Struct.new(
+      :resource_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] public_access_block_config
+    #   The public-access settings configured for the function you specified
+    #   @return [Types::PublicAccessBlockConfig]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/GetPublicAccessBlockConfigResponse AWS API Documentation
+    #
+    class GetPublicAccessBlockConfigResponse < Struct.new(
+      :public_access_block_config)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] resource_arn
+    #   The Amazon Resource Name (ARN) of the function you want to retrieve
+    #   the policy for. You can use either a qualified or an unqualified
+    #   ARN, but the value you specify must be a complete ARN and wildcard
+    #   characters are not accepted.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/GetResourcePolicyRequest AWS API Documentation
+    #
+    class GetResourcePolicyRequest < Struct.new(
+      :resource_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy
+    #   The resource-based policy attached to the function you specified.
+    #   @return [String]
+    #
+    # @!attribute [rw] revision_id
+    #   The revision ID of the policy.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/GetResourcePolicyResponse AWS API Documentation
+    #
+    class GetResourcePolicyResponse < Struct.new(
+      :policy,
+      :revision_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] function_name
     #   The name or ARN of the Lambda function.
     #
@@ -4951,6 +5030,52 @@ module Aws::Lambda
       include Aws::Structure
     end
 
+    # An object that defines the public-access settings for a function.
+    #
+    # @!attribute [rw] block_public_policy
+    #   To block the creation of resource-based policies that would grant
+    #   public access to your function, set `BlockPublicPolicy` to `true`.
+    #   To allow the creation of resource-based policies that would grant
+    #   public access to your function, set `BlockPublicPolicy` to `false`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] restrict_public_resource
+    #   To block public access to your function, even if its resource-based
+    #   policy allows it, set `RestrictPublicResource` to `true`. To allow
+    #   public access to a function with a resource-based policy that
+    #   permits it, set `RestrictPublicResource` to `false`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PublicAccessBlockConfig AWS API Documentation
+    #
+    class PublicAccessBlockConfig < Struct.new(
+      :block_public_policy,
+      :restrict_public_resource)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Lambda prevented your policy from being created because it would grant
+    # public access to your function. If you intended to create a public
+    # policy, use the PutPublicAccessBlockConfig API action to configure
+    # your function's public-access settings to allow public policies.
+    #
+    # @!attribute [rw] type
+    #   The exception type.
+    #   @return [String]
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PublicPolicyException AWS API Documentation
+    #
+    class PublicPolicyException < Struct.new(
+      :type,
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] layer_name
     #   The name or Amazon Resource Name (ARN) of the layer.
     #   @return [String]
@@ -5435,6 +5560,103 @@ module Aws::Lambda
       include Aws::Structure
     end
 
+    # @!attribute [rw] resource_arn
+    #   The Amazon Resource Name (ARN) of the function you want to configure
+    #   public-access settings for. Public-access settings are applied at
+    #   the function level, so you can't apply different settings to
+    #   function versions or aliases.
+    #   @return [String]
+    #
+    # @!attribute [rw] public_access_block_config
+    #   An object defining the public-access settings you want to apply.
+    #
+    #   To block the creation of resource-based policies that would grant
+    #   public access to your function, set `BlockPublicPolicy` to `true`.
+    #   To allow the creation of resource-based policies that would grant
+    #   public access to your function, set `BlockPublicPolicy` to `false`.
+    #
+    #   To block public access to your function, even if its resource-based
+    #   policy allows it, set `RestrictPublicResource` to `true`. To allow
+    #   public access to a function with a resource-based policy that
+    #   permits it, set `RestrictPublicResource` to `false`.
+    #
+    #   The default setting for both `BlockPublicPolicy` and
+    #   `RestrictPublicResource` is `true`.
+    #   @return [Types::PublicAccessBlockConfig]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PutPublicAccessBlockConfigRequest AWS API Documentation
+    #
+    class PutPublicAccessBlockConfigRequest < Struct.new(
+      :resource_arn,
+      :public_access_block_config)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] public_access_block_config
+    #   The public-access settings Lambda applied to your function.
+    #   @return [Types::PublicAccessBlockConfig]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PutPublicAccessBlockConfigResponse AWS API Documentation
+    #
+    class PutPublicAccessBlockConfigResponse < Struct.new(
+      :public_access_block_config)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] resource_arn
+    #   The Amazon Resource Name (ARN) of the function you want to add the
+    #   policy to. You can use either a qualified or an unqualified ARN, but
+    #   the value you specify must be a complete ARN and wildcard characters
+    #   are not accepted.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy
+    #   The JSON resource-based policy you want to add to your function.
+    #
+    #   To learn more about creating resource-based policies for controlling
+    #   access to Lambda, see [Working with resource-based IAM policies in
+    #   Lambda][1] in the *Lambda Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/
+    #   @return [String]
+    #
+    # @!attribute [rw] revision_id
+    #   Replace the existing policy only if its revision ID matches the
+    #   string you specify. To find the revision ID of the policy currently
+    #   attached to your function, use the GetResourcePolicy action.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PutResourcePolicyRequest AWS API Documentation
+    #
+    class PutResourcePolicyRequest < Struct.new(
+      :resource_arn,
+      :policy,
+      :revision_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy
+    #   The policy Lambda added to your function.
+    #   @return [String]
+    #
+    # @!attribute [rw] revision_id
+    #   The revision ID of the policy Lambda added to your function.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PutResourcePolicyResponse AWS API Documentation
+    #
+    class PutResourcePolicyResponse < Struct.new(
+      :policy,
+      :revision_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] function_name
     #   The name or ARN of the Lambda function.
     #

data/lib/aws-sdk-lambda.rb

@@ -54,6 +54,6 @@ require_relative 'aws-sdk-lambda/event_streams'
 # @!group service
 module Aws::Lambda
 
-  GEM_VERSION = '1.130.0'
+  GEM_VERSION = '1.131.0'
 
 end

data/sig/client.rbs

@@ -471,6 +471,13 @@ module Aws
                                                  ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
                                                | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
 
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Client.html#delete_resource_policy-instance_method
+      def delete_resource_policy: (
+                                    resource_arn: ::String,
+                                    ?revision_id: ::String
+                                  ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
+                                | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
+
       interface _GetAccountSettingsResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::GetAccountSettingsResponse]
         def account_limit: () -> Types::AccountLimit
@@ -745,6 +752,27 @@ module Aws
                                               ) -> _GetProvisionedConcurrencyConfigResponseSuccess
                                             | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetProvisionedConcurrencyConfigResponseSuccess
 
+      interface _GetPublicAccessBlockConfigResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::GetPublicAccessBlockConfigResponse]
+        def public_access_block_config: () -> Types::PublicAccessBlockConfig
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Client.html#get_public_access_block_config-instance_method
+      def get_public_access_block_config: (
+                                            resource_arn: ::String
+                                          ) -> _GetPublicAccessBlockConfigResponseSuccess
+                                        | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetPublicAccessBlockConfigResponseSuccess
+
+      interface _GetResourcePolicyResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::GetResourcePolicyResponse]
+        def policy: () -> ::String
+        def revision_id: () -> ::String
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Client.html#get_resource_policy-instance_method
+      def get_resource_policy: (
+                                 resource_arn: ::String
+                               ) -> _GetResourcePolicyResponseSuccess
+                             | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetResourcePolicyResponseSuccess
+
       interface _GetRuntimeManagementConfigResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::GetRuntimeManagementConfigResponse]
         def update_runtime_on: () -> ("Auto" | "Manual" | "FunctionUpdate")
@@ -1116,6 +1144,33 @@ module Aws
                                               ) -> _PutProvisionedConcurrencyConfigResponseSuccess
                                             | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _PutProvisionedConcurrencyConfigResponseSuccess
 
+      interface _PutPublicAccessBlockConfigResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::PutPublicAccessBlockConfigResponse]
+        def public_access_block_config: () -> Types::PublicAccessBlockConfig
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Client.html#put_public_access_block_config-instance_method
+      def put_public_access_block_config: (
+                                            resource_arn: ::String,
+                                            public_access_block_config: {
+                                              block_public_policy: bool?,
+                                              restrict_public_resource: bool?
+                                            }
+                                          ) -> _PutPublicAccessBlockConfigResponseSuccess
+                                        | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _PutPublicAccessBlockConfigResponseSuccess
+
+      interface _PutResourcePolicyResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::PutResourcePolicyResponse]
+        def policy: () -> ::String
+        def revision_id: () -> ::String
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Client.html#put_resource_policy-instance_method
+      def put_resource_policy: (
+                                 resource_arn: ::String,
+                                 policy: ::String,
+                                 ?revision_id: ::String
+                               ) -> _PutResourcePolicyResponseSuccess
+                             | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _PutResourcePolicyResponseSuccess
+
       interface _PutRuntimeManagementConfigResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::PutRuntimeManagementConfigResponse]
         def update_runtime_on: () -> ("Auto" | "Manual" | "FunctionUpdate")

data/sig/errors.rbs

@@ -112,6 +112,10 @@ module Aws
         def type: () -> ::String
         def message: () -> ::String
       end
+      class PublicPolicyException < ::Aws::Errors::ServiceError
+        def type: () -> ::String
+        def message: () -> ::String
+      end
       class RecursiveInvocationException < ::Aws::Errors::ServiceError
         def type: () -> ::String
         def message: () -> ::String

data/sig/types.rbs

@@ -293,6 +293,12 @@ module Aws::Lambda
       SENSITIVE: []
     end
 
+    class DeleteResourcePolicyRequest
+      attr_accessor resource_arn: ::String
+      attr_accessor revision_id: ::String
+      SENSITIVE: []
+    end
+
     class DestinationConfig
       attr_accessor on_success: Types::OnSuccess
       attr_accessor on_failure: Types::OnFailure
@@ -677,6 +683,27 @@ module Aws::Lambda
       SENSITIVE: []
     end
 
+    class GetPublicAccessBlockConfigRequest
+      attr_accessor resource_arn: ::String
+      SENSITIVE: []
+    end
+
+    class GetPublicAccessBlockConfigResponse
+      attr_accessor public_access_block_config: Types::PublicAccessBlockConfig
+      SENSITIVE: []
+    end
+
+    class GetResourcePolicyRequest
+      attr_accessor resource_arn: ::String
+      SENSITIVE: []
+    end
+
+    class GetResourcePolicyResponse
+      attr_accessor policy: ::String
+      attr_accessor revision_id: ::String
+      SENSITIVE: []
+    end
+
     class GetRuntimeManagementConfigRequest
       attr_accessor function_name: ::String
       attr_accessor qualifier: ::String
@@ -1085,6 +1112,18 @@ module Aws::Lambda
       SENSITIVE: []
     end
 
+    class PublicAccessBlockConfig
+      attr_accessor block_public_policy: bool
+      attr_accessor restrict_public_resource: bool
+      SENSITIVE: []
+    end
+
+    class PublicPolicyException
+      attr_accessor type: ::String
+      attr_accessor message: ::String
+      SENSITIVE: []
+    end
+
     class PublishLayerVersionRequest
       attr_accessor layer_name: ::String
       attr_accessor description: ::String
@@ -1171,6 +1210,30 @@ module Aws::Lambda
       SENSITIVE: []
     end
 
+    class PutPublicAccessBlockConfigRequest
+      attr_accessor resource_arn: ::String
+      attr_accessor public_access_block_config: Types::PublicAccessBlockConfig
+      SENSITIVE: []
+    end
+
+    class PutPublicAccessBlockConfigResponse
+      attr_accessor public_access_block_config: Types::PublicAccessBlockConfig
+      SENSITIVE: []
+    end
+
+    class PutResourcePolicyRequest
+      attr_accessor resource_arn: ::String
+      attr_accessor policy: ::String
+      attr_accessor revision_id: ::String
+      SENSITIVE: []
+    end
+
+    class PutResourcePolicyResponse
+      attr_accessor policy: ::String
+      attr_accessor revision_id: ::String
+      SENSITIVE: []
+    end
+
     class PutRuntimeManagementConfigRequest
       attr_accessor function_name: ::String
       attr_accessor qualifier: ::String

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-lambda
 version: !ruby/object:Gem::Version
-  version: 1.130.0
+  version: 1.131.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-11 00:00:00.000000000 Z
+date: 2024-09-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core