# Actions, resources, and condition keys for Amazon Lambda
Amazon Lambda (service prefix: `lambda`) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.
References:
+ Learn how to [configure this service](https://docs.amazonaws.cn/lambda/latest/dg/welcome.html).
+ View a list of the [API operations available for this service](https://docs.amazonaws.cn/lambda/latest/dg/API_Reference.html).
+ Learn how to secure this service and its resources by [using IAM](https://docs.amazonaws.cn/lambda/latest/dg/lambda-auth-and-access-control.html) permission policies.
**Topics**
+ [Actions defined by Amazon Lambda](#awslambda-actions-as-permissions)
+ [Resource types defined by Amazon Lambda](#awslambda-resources-for-iam-policies)
+ [Condition keys for Amazon Lambda](#awslambda-policy-keys)
## Actions defined by Amazon Lambda
You can specify the following actions in the `Action` element of an IAM policy statement. Use policies to grant permissions to perform an operation in Amazon. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.
The **Access level** column of the Actions table describes how the action is classified (List, Read, Permissions management, or Tagging). This classification can help you understand the level of access that an action grants when you use it in a policy. For more information about access levels, see [Access levels in policy summaries](https://docs.amazonaws.cn/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html).
The **Resource types** column of the Actions table indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("\*") to which the policy applies in the `Resource` element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. If the action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (\*). If you limit resource access with the `Resource` element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one of the optional resource types.
The **Condition keys** column of the Actions table includes keys that you can specify in a policy statement's `Condition` element. For more information on the condition keys that are associated with resources for the service, see the **Condition keys** column of the Resource types table.
The **Dependent actions** column of the Actions table shows additional permissions that may be required to successfully call an action. These permissions may be needed in addition to the permission for the action itself. When an action specifies dependent actions, those dependencies may apply to additional resources defined for that action, not only the first resource listed in the table.
**Note**
Resource condition keys are listed in the [Resource types](#awslambda-resources-for-iam-policies) table. You can find a link to the resource type that applies to an action in the **Resource types (\*required)** column of the Actions table. The resource type in the Resource types table includes the **Condition keys** column, which are the resource condition keys that apply to an action in the Actions table.
For details about the columns in the following table, see [Actions table](reference_policies_actions-resources-contextkeys.html#actions_table).
****
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_AddLayerVersionPermission.html](https://docs.amazonaws.cn/lambda/latest/dg/API_AddLayerVersionPermission.html) **
- **Description:** Grants permission to add permissions to the resource-based policy of a version of an Amazon Lambda layer
- **Access level:** Permissions management
- **Resource types (\*required):** [#awslambda-layerVersion](#awslambda-layerVersion)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_AddPermission.html](https://docs.amazonaws.cn/lambda/latest/dg/API_AddPermission.html) **
- **Description:** Grants permission to give an Amazon service or another account permission to use an Amazon Lambda function
- **Access level:** Permissions management
- **Resource types (\*required):** [#awslambda-function](#awslambda-function) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#awslambda-lambda_Principal](#awslambda-lambda_Principal)
[#awslambda-lambda_FunctionUrlAuthType](#awslambda-lambda_FunctionUrlAuthType) / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_CheckpointDurableExecution.html](https://docs.amazonaws.cn/lambda/latest/dg/API_CheckpointDurableExecution.html) **
- **Description:** Grants permission to save the progress of an Amazon Lambda durable execution
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-durableexecution](#awslambda-durableexecution)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_CreateAlias.html](https://docs.amazonaws.cn/lambda/latest/dg/API_CreateAlias.html) **
- **Description:** Grants permission to create an alias for a Lambda function version
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_CreateCapacityProvider.html](https://docs.amazonaws.cn/lambda/latest/dg/API_CreateCapacityProvider.html) **
- **Description:** Grants permission to create an Amazon Lambda capacity provider
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-capacityProvider](#awslambda-capacityProvider) / **Condition keys:** / **Dependent actions:** iam:CreateServiceLinkedRole
iam:PassRole
kms:DescribeKey
- **Resource types (\*required):** / **Condition keys:** [#awslambda-aws_RequestTag___TagKey_](#awslambda-aws_RequestTag___TagKey_)
[#awslambda-aws_TagKeys](#awslambda-aws_TagKeys)
[#awslambda-lambda_SecurityGroupIds](#awslambda-lambda_SecurityGroupIds)
[#awslambda-lambda_SubnetIds](#awslambda-lambda_SubnetIds) / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_CreateCodeSigningConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_CreateCodeSigningConfig.html) **
- **Description:** Grants permission to create an Amazon Lambda code signing config
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:** [#awslambda-aws_RequestTag___TagKey_](#awslambda-aws_RequestTag___TagKey_)
[#awslambda-aws_TagKeys](#awslambda-aws_TagKeys)
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_CreateEventSourceMapping.html](https://docs.amazonaws.cn/lambda/latest/dg/API_CreateEventSourceMapping.html) **
- **Description:** Grants permission to create a mapping between an event source and an Amazon Lambda function
- **Access level:** Write
- **Resource types (\*required):**
- **Condition keys:** [#awslambda-lambda_FunctionArn](#awslambda-lambda_FunctionArn)
[#awslambda-aws_RequestTag___TagKey_](#awslambda-aws_RequestTag___TagKey_)
[#awslambda-aws_TagKeys](#awslambda-aws_TagKeys)
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_CreateFunction.html](https://docs.amazonaws.cn/lambda/latest/dg/API_CreateFunction.html) **
- **Description:** Grants permission to create an Amazon Lambda function
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function) / **Condition keys:** / **Dependent actions:** iam:PassRole
lambda:PassCapacityProvider
- **Resource types (\*required):** / **Condition keys:** [#awslambda-lambda_Layer](#awslambda-lambda_Layer)
[#awslambda-lambda_VpcIds](#awslambda-lambda_VpcIds)
[#awslambda-lambda_SubnetIds](#awslambda-lambda_SubnetIds)
[#awslambda-lambda_SecurityGroupIds](#awslambda-lambda_SecurityGroupIds)
[#awslambda-lambda_CodeSigningConfigArn](#awslambda-lambda_CodeSigningConfigArn)
[#awslambda-aws_RequestTag___TagKey_](#awslambda-aws_RequestTag___TagKey_)
[#awslambda-aws_TagKeys](#awslambda-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_CreateFunctionUrlConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_CreateFunctionUrlConfig.html) **
- **Description:** Grants permission to create a function url configuration for a Lambda function
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#awslambda-lambda_FunctionUrlAuthType](#awslambda-lambda_FunctionUrlAuthType)
[#awslambda-lambda_FunctionArn](#awslambda-lambda_FunctionArn) / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteAlias.html](https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteAlias.html) **
- **Description:** Grants permission to delete an Amazon Lambda function alias
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteCapacityProvider.html](https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteCapacityProvider.html) **
- **Description:** Grants permission to delete an Amazon Lambda capacity provider
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-capacityProvider](#awslambda-capacityProvider)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteCodeSigningConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteCodeSigningConfig.html) **
- **Description:** Grants permission to delete an Amazon Lambda code signing config
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-codesigningconfig](#awslambda-codesigningconfig)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteEventSourceMapping.html](https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteEventSourceMapping.html) **
- **Description:** Grants permission to delete an Amazon Lambda event source mapping
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-eventSourceMapping](#awslambda-eventSourceMapping) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#awslambda-lambda_FunctionArn](#awslambda-lambda_FunctionArn) / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteFunction.html](https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteFunction.html) **
- **Description:** Grants permission to delete an Amazon Lambda function
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteFunctionCodeSigningConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteFunctionCodeSigningConfig.html) **
- **Description:** Grants permission to detach a code signing config from an Amazon Lambda function
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteFunctionConcurrency.html](https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteFunctionConcurrency.html) **
- **Description:** Grants permission to remove a concurrent execution limit from an Amazon Lambda function
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteFunctionEventInvokeConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteFunctionEventInvokeConfig.html) **
- **Description:** Grants permission to delete the configuration for asynchronous invocation for an Amazon Lambda function, version, or alias
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteFunctionUrlConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteFunctionUrlConfig.html) **
- **Description:** Grants permission to delete function url configuration for a Lambda function
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#awslambda-lambda_FunctionUrlAuthType](#awslambda-lambda_FunctionUrlAuthType)
[#awslambda-lambda_FunctionArn](#awslambda-lambda_FunctionArn) / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteLayerVersion.html](https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteLayerVersion.html) **
- **Description:** Grants permission to delete a version of an Amazon Lambda layer
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-layerVersion](#awslambda-layerVersion)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteProvisionedConcurrencyConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_DeleteProvisionedConcurrencyConfig.html) **
- **Description:** Grants permission to delete the provisioned concurrency configuration for an Amazon Lambda function
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-functionalias](#awslambda-functionalias) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#awslambda-functionversion](#awslambda-functionversion) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.amazonaws.cn/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-permissions.html](https://docs.amazonaws.cn/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-permissions.html) [permission only]**
- **Description:** Grants permission to disable replication for a Lambda@Edge function
- **Access level:** Permissions management
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-permissions.html](https://docs.amazonaws.cn/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-permissions.html) [permission only]**
- **Description:** Grants permission to enable replication for a Lambda@Edge function
- **Access level:** Permissions management
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetAccountSettings.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetAccountSettings.html) **
- **Description:** Grants permission to view details about an account's limits and usage in an Amazon Web Services Region
- **Access level:** Read
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetAlias.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetAlias.html) **
- **Description:** Grants permission to view details about an Amazon Lambda function alias
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetCapacityProvider.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetCapacityProvider.html) **
- **Description:** Grants permission to view details about an Amazon Lambda capacity provider
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-capacityProvider](#awslambda-capacityProvider)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetCodeSigningConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetCodeSigningConfig.html) **
- **Description:** Grants permission to view details about an Amazon Lambda code signing config
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-codesigningconfig](#awslambda-codesigningconfig)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetDurableExecution.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetDurableExecution.html) **
- **Description:** Grants permission to view details of an Amazon Lambda durable execution
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-durableexecution](#awslambda-durableexecution)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetDurableExecutionHistory.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetDurableExecutionHistory.html) **
- **Description:** Grants permission to view execution history of an Amazon Lambda durable execution
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-durableexecution](#awslambda-durableexecution)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetDurableExecutionState.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetDurableExecutionState.html) **
- **Description:** Grants permission to view current state of an Amazon Lambda durable execution
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-durableexecution](#awslambda-durableexecution)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetEventSourceMapping.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetEventSourceMapping.html) **
- **Description:** Grants permission to view details about an Amazon Lambda event source mapping
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-eventSourceMapping](#awslambda-eventSourceMapping) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#awslambda-lambda_FunctionArn](#awslambda-lambda_FunctionArn) / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetFunction.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetFunction.html) **
- **Description:** Grants permission to view details about an Amazon Lambda function
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetFunctionCodeSigningConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetFunctionCodeSigningConfig.html) **
- **Description:** Grants permission to view the code signing config arn attached to an Amazon Lambda function
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetFunctionConcurrency.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetFunctionConcurrency.html) **
- **Description:** Grants permission to view details about the reserved concurrency configuration for a function
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetFunctionConfiguration.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetFunctionConfiguration.html) **
- **Description:** Grants permission to view details about the version-specific settings of an Amazon Lambda function or version
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetFunctionEventInvokeConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetFunctionEventInvokeConfig.html) **
- **Description:** Grants permission to view the configuration for asynchronous invocation for a function, version, or alias
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetFunctionRecursionConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetFunctionRecursionConfig.html) **
- **Description:** Grants permission to view the recursion configuration of an Amazon Lambda function
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetFunctionScalingConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetFunctionScalingConfig.html) **
- **Description:** Grants permission to view the scaling configuration of an Amazon Lambda function running on a capacity provider
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetFunctionUrlConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetFunctionUrlConfig.html) **
- **Description:** Grants permission to read function url configuration for a Lambda function
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-function](#awslambda-function) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#awslambda-lambda_FunctionUrlAuthType](#awslambda-lambda_FunctionUrlAuthType)
[#awslambda-lambda_FunctionArn](#awslambda-lambda_FunctionArn) / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetLayerVersion.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetLayerVersion.html) **
- **Description:** Grants permission to view details about a version of an Amazon Lambda layer. Note this action also supports GetLayerVersionByArn API
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-layerVersion](#awslambda-layerVersion)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetLayerVersionPolicy.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetLayerVersionPolicy.html) **
- **Description:** Grants permission to view the resource-based policy for a version of an Amazon Lambda layer
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-layerVersion](#awslambda-layerVersion)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetPolicy.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetPolicy.html) **
- **Description:** Grants permission to view the resource-based policy for an Amazon Lambda function, version, or alias
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetProvisionedConcurrencyConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetProvisionedConcurrencyConfig.html) **
- **Description:** Grants permission to view the provisioned concurrency configuration for an Amazon Lambda function's alias or version
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-functionalias](#awslambda-functionalias) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#awslambda-functionversion](#awslambda-functionversion) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_GetRuntimeManagementConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_GetRuntimeManagementConfig.html) **
- **Description:** Grants permission to view the runtime management configuration of an Amazon Lambda function
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_InvokeAsync.html](https://docs.amazonaws.cn/lambda/latest/dg/API_InvokeAsync.html) **
- **Description:** Grants permission to invoke a function asynchronously (Deprecated)
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_Invoke.html](https://docs.amazonaws.cn/lambda/latest/dg/API_Invoke.html) **
- **Description:** Grants permission to invoke an Amazon Lambda function
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#awslambda-lambda_EventSourceToken](#awslambda-lambda_EventSourceToken)
[#awslambda-lambda_InvokedViaFunctionUrl](#awslambda-lambda_InvokedViaFunctionUrl) / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_InvokeFunctionUrl.html](https://docs.amazonaws.cn/lambda/latest/dg/API_InvokeFunctionUrl.html) [permission only]**
- **Description:** Grants permission to invoke an Amazon Lambda function through url
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#awslambda-lambda_FunctionUrlAuthType](#awslambda-lambda_FunctionUrlAuthType)
[#awslambda-lambda_FunctionArn](#awslambda-lambda_FunctionArn)
[#awslambda-lambda_EventSourceToken](#awslambda-lambda_EventSourceToken) / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_ListAliases.html](https://docs.amazonaws.cn/lambda/latest/dg/API_ListAliases.html) **
- **Description:** Grants permission to retrieve a list of aliases for an Amazon Lambda function
- **Access level:** List
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_ListCapacityProviders.html](https://docs.amazonaws.cn/lambda/latest/dg/API_ListCapacityProviders.html) **
- **Description:** Grants permission to retrieve a list of Amazon Lambda capacity providers
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_ListCodeSigningConfigs.html](https://docs.amazonaws.cn/lambda/latest/dg/API_ListCodeSigningConfigs.html) **
- **Description:** Grants permission to retrieve a list of Amazon Lambda code signing configs
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_ListDurableExecutionsByFunction.html](https://docs.amazonaws.cn/lambda/latest/dg/API_ListDurableExecutionsByFunction.html) **
- **Description:** Grants permission to retrieve a list of Amazon Lambda durable executions of an Amazon Lambda function
- **Access level:** List
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_ListEventSourceMappings.html](https://docs.amazonaws.cn/lambda/latest/dg/API_ListEventSourceMappings.html) **
- **Description:** Grants permission to retrieve a list of Amazon Lambda event source mappings
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_ListFunctionEventInvokeConfigs.html](https://docs.amazonaws.cn/lambda/latest/dg/API_ListFunctionEventInvokeConfigs.html) **
- **Description:** Grants permission to retrieve a list of configurations for asynchronous invocation for a function
- **Access level:** List
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_ListFunctionUrlConfigs.html](https://docs.amazonaws.cn/lambda/latest/dg/API_ListFunctionUrlConfigs.html) **
- **Description:** Grants permission to read function url configurations for a function
- **Access level:** List
- **Resource types (\*required):** [#awslambda-function](#awslambda-function) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#awslambda-lambda_FunctionUrlAuthType](#awslambda-lambda_FunctionUrlAuthType) / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_ListFunctionVersionsByCapacityProvider.html](https://docs.amazonaws.cn/lambda/latest/dg/API_ListFunctionVersionsByCapacityProvider.html) **
- **Description:** Grants permission to retrieve a list of Amazon Lambda function versions by the capacity provider assigned
- **Access level:** List
- **Resource types (\*required):** [#awslambda-capacityProvider](#awslambda-capacityProvider)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_ListFunctions.html](https://docs.amazonaws.cn/lambda/latest/dg/API_ListFunctions.html) **
- **Description:** Grants permission to retrieve a list of Amazon Lambda functions, with the version-specific configuration of each function
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_ListFunctionsByCodeSigningConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_ListFunctionsByCodeSigningConfig.html) **
- **Description:** Grants permission to retrieve a list of Amazon Lambda functions by the code signing config assigned
- **Access level:** List
- **Resource types (\*required):** [#awslambda-codesigningconfig](#awslambda-codesigningconfig)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_ListLayerVersions.html](https://docs.amazonaws.cn/lambda/latest/dg/API_ListLayerVersions.html) **
- **Description:** Grants permission to retrieve a list of versions of an Amazon Lambda layer
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_ListLayers.html](https://docs.amazonaws.cn/lambda/latest/dg/API_ListLayers.html) **
- **Description:** Grants permission to retrieve a list of Amazon Lambda layers, with details about the latest version of each layer
- **Access level:** List
- **Resource types (\*required):**
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_ListProvisionedConcurrencyConfigs.html](https://docs.amazonaws.cn/lambda/latest/dg/API_ListProvisionedConcurrencyConfigs.html) **
- **Description:** Grants permission to retrieve a list of provisioned concurrency configurations for an Amazon Lambda function
- **Access level:** List
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_ListTags.html](https://docs.amazonaws.cn/lambda/latest/dg/API_ListTags.html) **
- **Description:** Grants permission to retrieve a list of tags for an Amazon Lambda function, event source mapping, capacity provider, or code signing configuration resource
- **Access level:** Read
- **Resource types (\*required):** [#awslambda-capacityProvider](#awslambda-capacityProvider) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#awslambda-codesigningconfig](#awslambda-codesigningconfig) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#awslambda-eventSourceMapping](#awslambda-eventSourceMapping) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#awslambda-function](#awslambda-function) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_ListVersionsByFunction.html](https://docs.amazonaws.cn/lambda/latest/dg/API_ListVersionsByFunction.html) **
- **Description:** Grants permission to retrieve a list of versions for an Amazon Lambda function
- **Access level:** List
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/lambda-permissions.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-permissions.html) [permission only]**
- **Description:** Grants permission to pass an Amazon Lambda capacity provider to a service
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-capacityProvider](#awslambda-capacityProvider)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_PublishLayerVersion.html](https://docs.amazonaws.cn/lambda/latest/dg/API_PublishLayerVersion.html) **
- **Description:** Grants permission to create an Amazon Lambda layer
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-layer](#awslambda-layer)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_PublishVersion.html](https://docs.amazonaws.cn/lambda/latest/dg/API_PublishVersion.html) **
- **Description:** Grants permission to create an Amazon Lambda function version
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_PutFunctionCodeSigningConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_PutFunctionCodeSigningConfig.html) **
- **Description:** Grants permission to attach a code signing config to an Amazon Lambda function
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-codesigningconfig](#awslambda-codesigningconfig) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#awslambda-function](#awslambda-function) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#awslambda-lambda_CodeSigningConfigArn](#awslambda-lambda_CodeSigningConfigArn) / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_PutFunctionConcurrency.html](https://docs.amazonaws.cn/lambda/latest/dg/API_PutFunctionConcurrency.html) **
- **Description:** Grants permission to configure reserved concurrency for an Amazon Lambda function
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_PutFunctionEventInvokeConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_PutFunctionEventInvokeConfig.html) **
- **Description:** Grants permission to configures options for asynchronous invocation on an Amazon Lambda function, version, or alias
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_PutFunctionRecursionConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_PutFunctionRecursionConfig.html) **
- **Description:** Grants permission to update the recursion configuration of an Amazon Lambda function
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_PutFunctionScalingConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_PutFunctionScalingConfig.html) **
- **Description:** Grants permission to update the scaling configuration of an Amazon Lambda function running on a capacity provider
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_PutProvisionedConcurrencyConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_PutProvisionedConcurrencyConfig.html) **
- **Description:** Grants permission to configure provisioned concurrency for an Amazon Lambda function's alias or version
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-functionalias](#awslambda-functionalias) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#awslambda-functionversion](#awslambda-functionversion) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_PutRuntimeManagementConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_PutRuntimeManagementConfig.html) **
- **Description:** Grants permission to update the runtime management configuration of an Amazon Lambda function
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_RemoveLayerVersionPermission.html](https://docs.amazonaws.cn/lambda/latest/dg/API_RemoveLayerVersionPermission.html) **
- **Description:** Grants permission to remove a statement from the permissions policy for a version of an Amazon Lambda layer
- **Access level:** Permissions management
- **Resource types (\*required):** [#awslambda-layerVersion](#awslambda-layerVersion)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_RemovePermission.html](https://docs.amazonaws.cn/lambda/latest/dg/API_RemovePermission.html) **
- **Description:** Grants permission to revoke function-use permission from an Amazon service or another account
- **Access level:** Permissions management
- **Resource types (\*required):** [#awslambda-function](#awslambda-function) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#awslambda-lambda_Principal](#awslambda-lambda_Principal)
[#awslambda-lambda_FunctionUrlAuthType](#awslambda-lambda_FunctionUrlAuthType) / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_SendDurableExecutionCallbackFailure.html](https://docs.amazonaws.cn/lambda/latest/dg/API_SendDurableExecutionCallbackFailure.html) **
- **Description:** Grants permission to send a failure response for a callback operation in an Amazon Lambda durable execution
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-durableexecution](#awslambda-durableexecution)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_SendDurableExecutionCallbackHeartbeat.html](https://docs.amazonaws.cn/lambda/latest/dg/API_SendDurableExecutionCallbackHeartbeat.html) **
- **Description:** Grants permission to send a heartbeat for a callback operation in an Amazon Lambda durable execution
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-durableexecution](#awslambda-durableexecution)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_SendDurableExecutionCallbackSuccess.html](https://docs.amazonaws.cn/lambda/latest/dg/API_SendDurableExecutionCallbackSuccess.html) **
- **Description:** Grants permission to send a successful response for a callback operation in an Amazon Lambda durable execution
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-durableexecution](#awslambda-durableexecution)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_StopDurableExecution.html](https://docs.amazonaws.cn/lambda/latest/dg/API_StopDurableExecution.html) **
- **Description:** Grants permission to stop an Amazon Lambda durable execution
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-durableexecution](#awslambda-durableexecution)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_TagResources.html](https://docs.amazonaws.cn/lambda/latest/dg/API_TagResources.html) **
- **Description:** Grants permission to add tags to an Amazon Lambda function, event source mapping, capacity provider, or code signing configuration resource
- **Access level:** Tagging
- **Resource types (\*required):** [#awslambda-capacityProvider](#awslambda-capacityProvider) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#awslambda-codesigningconfig](#awslambda-codesigningconfig) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#awslambda-eventSourceMapping](#awslambda-eventSourceMapping) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#awslambda-function](#awslambda-function) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#awslambda-aws_RequestTag___TagKey_](#awslambda-aws_RequestTag___TagKey_)
[#awslambda-aws_TagKeys](#awslambda-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_UntagResource.html](https://docs.amazonaws.cn/lambda/latest/dg/API_UntagResource.html) **
- **Description:** Grants permission to remove tags from an Amazon Lambda function, event source mapping, capacity provider, or code signing configuration resource
- **Access level:** Tagging
- **Resource types (\*required):** [#awslambda-capacityProvider](#awslambda-capacityProvider) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#awslambda-codesigningconfig](#awslambda-codesigningconfig) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#awslambda-eventSourceMapping](#awslambda-eventSourceMapping) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#awslambda-function](#awslambda-function) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#awslambda-aws_TagKeys](#awslambda-aws_TagKeys) / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_UpdateAlias.html](https://docs.amazonaws.cn/lambda/latest/dg/API_UpdateAlias.html) **
- **Description:** Grants permission to update the configuration of an Amazon Lambda function's alias
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_UpdateCapacityProvider.html](https://docs.amazonaws.cn/lambda/latest/dg/API_UpdateCapacityProvider.html) **
- **Description:** Grants permission to update an Amazon Lambda capacity provider
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-capacityProvider](#awslambda-capacityProvider)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_UpdateCodeSigningConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_UpdateCodeSigningConfig.html) **
- **Description:** Grants permission to update an Amazon Lambda code signing config
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-codesigningconfig](#awslambda-codesigningconfig)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_UpdateEventSourceMapping.html](https://docs.amazonaws.cn/lambda/latest/dg/API_UpdateEventSourceMapping.html) **
- **Description:** Grants permission to update the configuration of an Amazon Lambda event source mapping
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-eventSourceMapping](#awslambda-eventSourceMapping) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#awslambda-lambda_FunctionArn](#awslambda-lambda_FunctionArn) / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_UpdateFunctionCode.html](https://docs.amazonaws.cn/lambda/latest/dg/API_UpdateFunctionCode.html) **
- **Description:** Grants permission to update the code of an Amazon Lambda function
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_UpdateFunctionCodeSigningConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_UpdateFunctionCodeSigningConfig.html) **
- **Description:** Grants permission to update the code signing config of an Amazon Lambda function
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-codesigningconfig](#awslambda-codesigningconfig) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** [#awslambda-function](#awslambda-function) / **Condition keys:** / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_UpdateFunctionConfiguration.html](https://docs.amazonaws.cn/lambda/latest/dg/API_UpdateFunctionConfiguration.html) **
- **Description:** Grants permission to modify the version-specific settings of an Amazon Lambda function
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#awslambda-lambda_Layer](#awslambda-lambda_Layer)
[#awslambda-lambda_VpcIds](#awslambda-lambda_VpcIds)
[#awslambda-lambda_SubnetIds](#awslambda-lambda_SubnetIds)
[#awslambda-lambda_SecurityGroupIds](#awslambda-lambda_SecurityGroupIds) / **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_UpdateFunctionEventInvokeConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_UpdateFunctionEventInvokeConfig.html) **
- **Description:** Grants permission to modify the configuration for asynchronous invocation for an Amazon Lambda function, version, or alias
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function)
- **Condition keys:**
- **Dependent actions:**
- ** [https://docs.amazonaws.cn/lambda/latest/dg/API_UpdateFunctionUrlConfig.html](https://docs.amazonaws.cn/lambda/latest/dg/API_UpdateFunctionUrlConfig.html) **
- **Description:** Grants permission to update a function url configuration for a Lambda function
- **Access level:** Write
- **Resource types (\*required):** [#awslambda-function](#awslambda-function) / **Condition keys:** / **Dependent actions:**
- **Resource types (\*required):** / **Condition keys:** [#awslambda-lambda_FunctionUrlAuthType](#awslambda-lambda_FunctionUrlAuthType)
[#awslambda-lambda_FunctionArn](#awslambda-lambda_FunctionArn) / **Dependent actions:**
## Resource types defined by Amazon Lambda
The following resource types are defined by this service and can be used in the `Resource` element of IAM permission policy statements. Each action in the [Actions table](#awslambda-actions-as-permissions) identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the Resource types table. For details about the columns in the following table, see [Resource types table](reference_policies_actions-resources-contextkeys.html#resources_table).
****
| Resource types | ARN | Condition keys |
| --- | --- | --- |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | arn:${Partition}:lambda:${Region}:${Account}:capacity-provider:${CapacityProviderName} | [#awslambda-aws_ResourceTag___TagKey_](#awslambda-aws_ResourceTag___TagKey_) |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | arn:${Partition}:lambda:${Region}:${Account}:code-signing-config:${CodeSigningConfigId} | [#awslambda-aws_ResourceTag___TagKey_](#awslambda-aws_ResourceTag___TagKey_) |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | arn:${Partition}:lambda:${Region}:${Account}:function:${FunctionName}:${Version}/durable-execution/${ExecutionName}/${ExecutionId} | |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | arn:${Partition}:lambda:${Region}:${Account}:event-source-mapping:${UUID} | [#awslambda-aws_ResourceTag___TagKey_](#awslambda-aws_ResourceTag___TagKey_) |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | arn:${Partition}:lambda:${Region}:${Account}:function:${FunctionName} | [#awslambda-aws_ResourceTag___TagKey_](#awslambda-aws_ResourceTag___TagKey_) |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | arn:${Partition}:lambda:${Region}:${Account}:function:${FunctionName}:${Alias} | [#awslambda-aws_ResourceTag___TagKey_](#awslambda-aws_ResourceTag___TagKey_) |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | arn:${Partition}:lambda:${Region}:${Account}:function:${FunctionName}:${Version} | [#awslambda-aws_ResourceTag___TagKey_](#awslambda-aws_ResourceTag___TagKey_) |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | arn:${Partition}:lambda:${Region}:${Account}:layer:${LayerName} | |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | arn:${Partition}:lambda:${Region}:${Account}:layer:${LayerName}:${LayerVersion} | |
## Condition keys for Amazon Lambda
Amazon Lambda defines the following condition keys that can be used in the `Condition` element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see [Condition keys table](reference_policies_actions-resources-contextkeys.html#context_keys_table).
To view the global condition keys that are available to all services, see [Amazon global condition context keys](https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html).
****
| Condition keys | Description | Type |
| --- | --- | --- |
| [https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag](https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag) | Filters access by the tags that are passed in the request | String |
| [https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag](https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag) | Filters access by the tags associated with the resource | String |
| [https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys](https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys) | Filters access by the tag keys that are passed in the request | ArrayOfString |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | Filters access by the ARN of an Amazon Lambda code signing config | ARN |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | Filters access by the ID from a non-Amazon event source configured for the Amazon Lambda function | String |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | Filters access by the ARN of an Amazon Lambda function | ARN |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | Filters access by authorization type specified in request. Available during CreateFunctionUrlConfig, UpdateFunctionUrlConfig, DeleteFunctionUrlConfig, GetFunctionUrlConfig, ListFunctionUrlConfig, AddPermission and RemovePermission operations | String |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | Limits the scope of lambda:InvokeFunction action to Function URLs only. Available during AddPermission operation | Bool |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | Filters access by the ARN of a version of an Amazon Lambda layer | ArrayOfString |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | Filters access by restricting the Amazon service or account that can invoke a function | String |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | Filters access by the ID of security groups configured for the Amazon Lambda function | ArrayOfString |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | Filters access by the ARN of the Amazon Lambda function from which the request originated | ARN |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | Filters access by the ID of subnets configured for the Amazon Lambda function | ArrayOfString |
| [https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html](https://docs.amazonaws.cn/lambda/latest/dg/lambda-api-permissions-ref.html) | Filters access by the ID of the VPC configured for the Amazon Lambda function | String |