How to call a list of AWS Lambda permissions for a function

Question

To allow a AWS service to invoke a lambda function you need to apply permissions. The json for this permission could look a little something like so:

{     "FunctionName": "someFunction",      "StatementId": "1",      "Action": "lambda:InvokeFunction",      "Principal": "codecommit.amazonaws.com",      "SourceArn": "arn:aws:codecommit:us-east-1:80398EXAMPLE:MyDemoRepo",      "SourceAccount": "80398EXAMPLE" } 

above taken from http://docs.aws.amazon.com/codecommit/latest/userguide/how-to-notify-lambda.html

A permission is easy enough to add using the command line interface (cli). See http://docs.aws.amazon.com/cli/latest/reference/lambda/add-permission.html. And it can be removed using the command at http://docs.aws.amazon.com/cli/latest/reference/lambda/remove-permission.html

What I cannot find is a way to list existing permissions. I've looked everywhere in the Lambda and the IAM GUI. I've looked at the list of cli commands for Lambda at http://docs.aws.amazon.com/cli/latest/reference/lambda/index.html#cli-aws-lambda - there seems to be no command to list permissions. I also looked at the iam commands for a laugh at http://docs.aws.amazon.com/cli/latest/reference/iam/index.html#cli-aws-iam. Nothing sticks out there.

So the question : how do you get a list of Lambda permissions? What am I missing here and if it is actually impossible, why? Hopefully some AWS experts out there who can shed light on this

Answer 1

This one confused me, too. You can add a permission to a Lambda function with the aws lambda add-permission command in the AWSCLI. You can remove a permission using aws lambda remove-permission. But to see the existing permissions you use aws lambda get-policy.