If you want to lock an AWS Lambda function down to a single source account for security reasons (Security Hub control PCI.Lambda.1, which flags function policies that allow public access), you can do so with the source_account option of the aws_lambda_permission Terraform resource type. It complements source_arn: source_arn pins the caller to a specific resource (here a bucket), while source_account pins it to an account, so a same-named resource in another account cannot invoke the function.
resource "aws_lambda_permission" "do_something_with_bucket" {
  statement_id   = "AllowExecutionFromS3Bucket"
  action         = "lambda:InvokeFunction"
  function_name  = module.do_something_with_bucket.arn
  principal      = "s3.amazonaws.com"
  source_arn     = var.source_bucket_arn
  source_account = var.account_id # <---------- here
}
We keep the account ID in a variable so that it can be supplied when we initialize our Terraform context (for example through a tfvars file or a -var flag) rather than hard-coding it:
source_account = var.account_id
This populates the Condition block of the function's resource policy as below (source_arn additionally adds an ArnLike condition on AWS:SourceArn next to it):
"Condition": {
  "StringEquals": {
    "AWS:SourceAccount": "xxxxxxxxxxxx"
  }
}
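To confirm the permission actually ended up scoped, pull the policy with `aws lambda get-policy --function-name <name> --query Policy --output text` and check every invoke statement for a service principal. The checker below is an added example, not code from the original post; the two policy documents it contains are constructed to mirror what the Terraform resource above generates without and with source_arn/source_account (the function ARN, bucket name and account ID in them are made up).

```python
"""Flag Lambda resource-policy statements that let a service principal (or
the public) invoke the function without an AWS:SourceAccount or
AWS:SourceArn condition, which is the gap PCI.Lambda.1 is about.

Added example, not part of the original post. Both sample policies are
constructed; the account ID, bucket and function ARN are placeholders.
"""
import json

# Any of these actions lets the principal invoke the function.
INVOKE_ACTIONS = {"lambda:InvokeFunction", "lambda:*", "*"}

# Constructed sample: the statement Terraform produces when neither
# source_arn nor source_account is set. Any bucket in any account that is
# configured to notify this function ARN could trigger it.
UNSCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Id": "default",
    "Statement": [{
        "Sid": "AllowExecutionFromS3Bucket",
        "Effect": "Allow",
        "Principal": {"Service": "s3.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": "arn:aws:lambda:us-east-1:111122223333:function:do-something-with-bucket",
    }],
})

# Constructed sample: the same statement once source_arn and source_account
# are both set, as in the Terraform resource discussed above.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Id": "default",
    "Statement": [{
        "Sid": "AllowExecutionFromS3Bucket",
        "Effect": "Allow",
        "Principal": {"Service": "s3.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": "arn:aws:lambda:us-east-1:111122223333:function:do-something-with-bucket",
        "Condition": {
            "StringEquals": {"AWS:SourceAccount": "111122223333"},
            "ArnLike": {"AWS:SourceArn": "arn:aws:s3:::example-bucket"},
        },
    }],
})


def _as_list(value):
    """IAM allows scalars or lists in most fields; normalize to a list."""
    return value if isinstance(value, list) else [value]


def unscoped_invoke_statements(policy_json: str) -> list:
    """Return the Sids of Allow statements that grant an invoke action to a
    service principal or to everyone without a source-scoping condition.

    policy_json is the JSON string that `aws lambda get-policy` returns in
    its "Policy" field.
    """
    doc = json.loads(policy_json)
    findings = []
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        is_service = isinstance(principal, dict) and "Service" in principal
        is_public = principal == "*" or (
            isinstance(principal, dict) and principal.get("AWS") == "*"
        )
        if not (is_service or is_public):
            continue  # a specific IAM principal is not this control's concern
        if not set(_as_list(stmt.get("Action", []))) & INVOKE_ACTIONS:
            continue
        # Condition keys are case-insensitive in IAM; compare lower-cased.
        keys = {
            key.lower()
            for block in stmt.get("Condition", {}).values()
            for key in block
        }
        if "aws:sourceaccount" in keys or "aws:sourcearn" in keys:
            continue
        findings.append(stmt.get("Sid", "<no Sid>"))
    return findings


if __name__ == "__main__":
    print("unscoped:", unscoped_invoke_statements(UNSCOPED_POLICY))
    print("scoped:  ", unscoped_invoke_statements(SCOPED_POLICY))
```

Either condition key closes the confused-deputy hole on its own, which is why the check accepts one or the other; setting both, as the Terraform resource above does, is the stricter choice because source_account also survives a bucket being deleted and recreated under the same name in another account.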