How to Give Lambda Function URL Public Access

You come across the following message on your Lambda function’s configuration page:

"Your function URL auth type is NONE, but is missing permissions required for public access. To allow unauthenticated requests, choose the Permissions tab and create a resource-based policy that grants lambda:invokeFunctionUrl permissions to all principals (*)".

What does this mean?

This means that your Lambda function's URL is currently set up to be accessible without authentication (auth type is NONE), but it doesn't have the necessary permissions to be publicly accessible.

The solution is also provided in the message: create a resource-based policy that grants lambda:invokeFunctionUrl permissions to all principals (*). But what does it mean by 'all principals (*)'?

“all principals (*)” means that this permission will be granted to all AWS identities or users within your AWS account. They will be able to invoke your Lambda function's URL without further restrictions.

Now, if you prefer to use the AWS CLI for this task, here is the command you can run to create a resource-based policy that grants lambda:invokeFunctionUrl permissions to all principals (*) for your Lambda function:

aws lambda add-permission \
--function-name <FUNCTION_NAME> \
--statement-id AllowAll \
--action lambda:InvokeFunctionUrl \
--principal "*" \
--function-url-auth-type NONE

This will effectively open up the Lambda function for public access.