Posted On: Nov 21, 2022

Attribute-based access control (ABAC) is an authorization strategy that defines access permissions based on tags. To simplify permission management, tags can be attached to IAM resources, such as IAM users and roles, and to Amazon Web Services resources, such as Lambda functions. ABAC support for Lambda functions allows you to scale your permissions as your organization innovates and to give developers granular access without requiring a policy update when a user or project is added, removed or updated. With ABAC support for Amazon Lambda, IAM policies can be used to allow or deny specific Lambda API actions when the IAM principal's tags match the tags on a Lambda function.

Today, we are excited to announce that Lambda supports ABAC in AWS GovCloud (US) Regions.

With this launch, Lambda supports ABAC only for Lambda APIs that use function, function version and function alias as the main resource type. Please review the full list of Lambda API actions and resource types here.
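As an added illustration (not part of the original announcement or of AWS's own documentation), the identity policy below shows the tag-matching pattern described above, limited to actions whose resource is a function, function version or function alias. The tag key `project`, the `Sid` names and the selection of actions are assumptions; the resource ARN uses the `aws-us-gov` partition with wildcards for Region and account.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleAllowWhenProjectTagsMatch",
      "Effect": "Allow",
      "Action": [
        "lambda:GetFunction",
        "lambda:InvokeFunction",
        "lambda:UpdateFunctionCode",
        "lambda:UpdateFunctionConfiguration"
      ],
      "Resource": "arn:aws-us-gov:lambda:*:*:function:*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/project": "${aws:PrincipalTag/project}"
        }
      }
    },
    {
      "Sid": "ExampleDenyChangingTheProjectTag",
      "Effect": "Deny",
      "Action": [
        "lambda:TagResource",
        "lambda:UntagResource"
      ],
      "Resource": "arn:aws-us-gov:lambda:*:*:function:*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": "project"
        }
      }
    }
  ]
}
```

The second statement keeps a principal from adding, changing or removing the `project` tag on a function, because that tag is what the first statement's decision rests on. A principal or function that carries no `project` tag never satisfies the first condition, so the policy grants it nothing.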

To get started with ABAC for Lambda functions, see the following resources:

  • For information about attribute-based access control, see ABAC in the IAM User Guide.
  • For information about configuring ABAC with AWS Lambda, see Control access using tags in the AWS Lambda Developer Guide.