aws · roger-zhangg · Apr 16, 2024 · Apr 16, 2024 · Apr 16, 2024 · Apr 16, 2024
diff --git a/...ws-cdk-testing/framework-integ/test/aws-lambda/test/integ.permissions.js.snapshot/cdk.out b/...ws-cdk-testing/framework-integ/test/aws-lambda/test/integ.permissions.js.snapshot/cdk.out
diff --git a/...cdk-testing/framework-integ/test/aws-lambda/test/integ.permissions.js.snapshot/integ.json b/...cdk-testing/framework-integ/test/aws-lambda/test/integ.permissions.js.snapshot/integ.json
diff --git a/...k-integ/test/aws-lambda/test/integ.permissions.js.snapshot/lambda-permissions.assets.json b/...k-integ/test/aws-lambda/test/integ.permissions.js.snapshot/lambda-permissions.assets.json
diff --git a/...integ/test/aws-lambda/test/integ.permissions.js.snapshot/lambda-permissions.template.json b/...integ/test/aws-lambda/test/integ.permissions.js.snapshot/lambda-permissions.template.json
@@ -78,6 +78,34 @@
     "PrincipalOrgID": "o-xxxxxxxxxx"
    }
   },
+  "MyLambdaInvokeiasez2Hq1vE2Fl1I4Yaq8UbNdwu1QsvuMXzIoTAF759EB93": {
+   "Type": "AWS::Lambda::Permission",
+   "Properties": {
+    "Action": "lambda:InvokeFunction",
+    "FunctionName": {
+     "Fn::GetAtt": [
+      "MyLambdaCCE802FB",
+      "Arn"
+     ]
+    },
+    "Principal": "*",
+    "PrincipalOrgID": "o-yyyyyyyyyy2"
+   }
+  },
+  "MyLambdaInvokeeCd3Xf1YrYI9J9KZWaa7iTC3wv2MejAlHdcglgF5m4c0F884F73": {
+   "Type": "AWS::Lambda::Permission",
+   "Properties": {
+    "Action": "lambda:InvokeFunction",
+    "FunctionName": {
+     "Fn::GetAtt": [
+      "MyLambdaCCE802FB",
+      "Arn"
+     ]
+    },
+    "Principal": "*",
+    "PrincipalOrgID": "o-xxxxxxxxxx2"
+   }
+  },
   "MyLambdaFunctionUrlC2055677": {
    "Type": "AWS::Lambda::Url",
    "Properties": {

diff --git a/...-testing/framework-integ/test/aws-lambda/test/integ.permissions.js.snapshot/manifest.json b/...-testing/framework-integ/test/aws-lambda/test/integ.permissions.js.snapshot/manifest.json
diff --git a/...-cdk-testing/framework-integ/test/aws-lambda/test/integ.permissions.js.snapshot/tree.json b/...-cdk-testing/framework-integ/test/aws-lambda/test/integ.permissions.js.snapshot/tree.json
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.permissions.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.permissions.ts
@@ -17,6 +17,10 @@ fn.grantInvoke(new iam.AnyPrincipal().inOrganization('o-yyyyyyyyyy'));
 
 fn.grantInvoke(new iam.OrganizationPrincipal('o-xxxxxxxxxx'));
 
+fn.grantInvoke(new iam.AnyPrincipal().inOrganization('o-yyyyyyyyyy2'), { onlyGrantLatestVersion: true });
+
+fn.grantInvoke(new iam.OrganizationPrincipal('o-xxxxxxxxxx2'), { onlyGrantLatestVersion: true });
+
 const fnUrl = fn.addFunctionUrl();
 const role = new iam.Role(stack, 'MyRole', {
   assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),

diff --git a/packages/aws-cdk-lib/aws-cloudfront/lib/experimental/edge-function.ts b/packages/aws-cdk-lib/aws-cloudfront/lib/experimental/edge-function.ts
@@ -116,8 +116,8 @@ export class EdgeFunction extends Resource implements lambda.IVersion {
   public addToRolePolicy(statement: iam.PolicyStatement): void {
     return this.lambda.addToRolePolicy(statement);
   }
-  public grantInvoke(identity: iam.IGrantable): iam.Grant {
-    return this.lambda.grantInvoke(identity);
+  public grantInvoke(identity: iam.IGrantable, props?: lambda.GrantInvokeProps): iam.Grant {
+    return this.lambda.grantInvoke(identity, props);
   }
   public grantInvokeUrl(identity: iam.IGrantable): iam.Grant {
     return this.lambda.grantInvokeUrl(identity);