Posted On: Nov 20, 2022

Attribute-Based Access Control (ABAC) is an authorization strategy that defines access permissions based on tags which can be attached to IAM resources such as IAM users and roles, and to Amazon Web Services resources, like Lambda functions, to simplify permission management. ABAC support for Lambda functions allows you to scale your permissions as your organization innovates and give granular access to developers without requiring a policy update when a user or project is added, removed or updated. With ABAC support for Amazon Lambda, IAM policies can be used to allow or deny specific Lambda API actions when the IAM principal's tags match the tags on a Lambda function.

Today, we are excited to announce that Amazon Lambda supports ABAC in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD.

With this launch, Amazon Lambda supports ABAC only for Lambda APIs that use function, function version and function alias as the main resource type. Please review the full list of Lambda API actions and resource types here.
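
As an added illustration of the tag matching described above (not part of the original announcement), the following identity policy allows a few function-level Lambda actions only when the function's tag equals the caller's tag, and blocks changes to that tag. The tag key `project`, the statement IDs and the choice of actions are assumptions made for this example; the ARN uses the `aws-cn` partition of the China Regions.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleAllowWhenProjectTagMatches",
      "Effect": "Allow",
      "Action": [
        "lambda:GetFunction",
        "lambda:InvokeFunction",
        "lambda:UpdateFunctionCode",
        "lambda:UpdateFunctionConfiguration"
      ],
      "Resource": "arn:aws-cn:lambda:*:*:function:*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/project": "${aws:PrincipalTag/project}"
        }
      }
    },
    {
      "Sid": "ExampleDenyChangingProjectTag",
      "Effect": "Deny",
      "Action": [
        "lambda:TagResource",
        "lambda:UntagResource"
      ],
      "Resource": "arn:aws-cn:lambda:*:*:function:*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": "project"
        }
      }
    }
  ]
}
```

The deny statement matters because the tag is the authorization boundary: a principal who can rewrite the `project` tag on a function, or on its own IAM user or role, can move itself into scope. Permission to tag IAM principals should be restricted in the same way.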

To get started with ABAC for Lambda functions, see the following resources:

  • For information about attribute-based access control, see ABAC in the IAM User Guide.
  • For information about configuring ABAC with Amazon Lambda, see Control access using tags in the Amazon Lambda Developer Guide.