AWS cli high security documentation change
Summary
Added '--invoked-via-function-url' option to restrict lambda:InvokeFunction to function URL calls only
Security assessment
The new flag explicitly restricts function invocation to only function URL calls, preventing unauthorized invocation methods. This directly addresses access control by limiting attack surface.
Diff
diff --git a/cli/latest/reference/lambda/add-permission.md b/cli/latest/reference/lambda/add-permission.md index 7b2de04d8..e66820ee4 100644 --- a//cli/latest/reference/lambda/add-permission.md +++ b//cli/latest/reference/lambda/add-permission.md @@ -15 +15 @@ - * [AWS CLI 2.31.10 Command Reference](../../index.html) » + * [AWS CLI 2.31.13 Command Reference](../../index.html) » @@ -82,0 +83 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/lambda + [--invoked-via-function-url | --no-invoked-via-function-url] @@ -235,0 +237,4 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/lambda +`--invoked-via-function-url` | `--no-invoked-via-function-url` (boolean) + +> Restricts the `lambda:InvokeFunction` action to calls coming from a function URL. When set to `true` , this prevents the principal from invoking the function by any means other than the function URL. For more information, see [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html) . + @@ -388 +393 @@ Statement -> (string) - * [AWS CLI 2.31.10 Command Reference](../../index.html) » + * [AWS CLI 2.31.13 Command Reference](../../index.html) »