AWS Security ChangesHomeSearch

AWS cli high security documentation change

Service: cli · 2025-10-13 · Security-related high

File: cli/latest/reference/lambda/add-permission.md

Summary

Added '--invoked-via-function-url' option to restrict lambda:InvokeFunction to function URL calls only

Security assessment

The new flag explicitly restricts function invocation to only function URL calls, preventing unauthorized invocation methods. This directly addresses access control by limiting attack surface.

Diff

diff --git a/cli/latest/reference/lambda/add-permission.md b/cli/latest/reference/lambda/add-permission.md
index 7b2de04d8..e66820ee4 100644
--- a//cli/latest/reference/lambda/add-permission.md
+++ b//cli/latest/reference/lambda/add-permission.md
@@ -15 +15 @@
-  * [AWS CLI 2.31.10 Command Reference](../../index.html) »
+  * [AWS CLI 2.31.13 Command Reference](../../index.html) »
@@ -82,0 +83 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/lambda
+    [--invoked-via-function-url | --no-invoked-via-function-url]
@@ -235,0 +237,4 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/lambda
+`--invoked-via-function-url` | `--no-invoked-via-function-url` (boolean)
+
+> Restricts the `lambda:InvokeFunction` action to calls coming from a function URL. When set to `true` , this prevents the principal from invoking the function by any means other than the function URL. For more information, see [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html) .
+
@@ -388 +393 @@ Statement -> (string)
-  * [AWS CLI 2.31.10 Command Reference](../../index.html) »
+  * [AWS CLI 2.31.13 Command Reference](../../index.html) »