diff --git a/apis/lambda/v1beta1/zz_generated_terraformed.go b/apis/lambda/v1beta1/zz_generated_terraformed.go
index f836d02768..c9b01e36ee 100755
--- a/apis/lambda/v1beta1/zz_generated_terraformed.go
+++ b/apis/lambda/v1beta1/zz_generated_terraformed.go
@@ -1148,6 +1148,7 @@ func (tr *Permission) LateInitialize(attrs []byte) (bool, error) {
 		return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization")
 	}
 	opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)}
+	opts = append(opts, resource.WithNameFilter("StatementIDPrefix"))
 
 	li := resource.NewGenericLateInitializer(opts...)
 	return li.LateInitialize(&tr.Spec.ForProvider, params)
diff --git a/config/lambda/config.go b/config/lambda/config.go
index aecc706236..2dc163a3fd 100644
--- a/config/lambda/config.go
+++ b/config/lambda/config.go
@@ -85,6 +85,9 @@ func Configure(p *config.Provider) {
 	})
 
 	p.AddResourceConfigurator("aws_lambda_permission", func(r *config.Resource) {
+		r.LateInitializer = config.LateInitializer{
+			IgnoredFields: []string{"statement_id_prefix"},
+		}
 		r.References["function_name"] = config.Reference{
 			Type: "Function",
 		}
diff --git a/examples/lambda/permission.yaml b/examples/lambda/permission.yaml
index 078080cc17..22f5ec0d94 100644
--- a/examples/lambda/permission.yaml
+++ b/examples/lambda/permission.yaml
@@ -1,12 +1,164 @@
 apiVersion: lambda.aws.upbound.io/v1beta1
 kind: Permission
 metadata:
+  annotations:
+    meta.upbound.io/example-id: lambda/v1beta1/permission
   name: example
 spec:
   forProvider:
     region: us-west-1
     action: lambda:InvokeFunction
     functionNameRef:
-      name: example
+      name: example-permission
     principal: events.amazonaws.com
     statementId: AllowExecutionFromCloudWatch
+---
+apiVersion: lambda.aws.upbound.io/v1beta1
+kind: Function
+metadata:
+  annotations:
+    meta.upbound.io/example-id: lambda/v1beta1/permission
+    uptest.upbound.io/timeout: "3600"
+  labels:
+    testing.upbound.io/example-name: example
+  name: example-permission
+spec:
+  forProvider:
+    s3Bucket: upbound-provider-test-data
+    s3Key: hello-python.zip
+    handler: index.py
+    packageType: Zip
+    region: us-west-1
+    roleSelector:
+      matchLabels:
+        testing.upbound.io/example-name: role
+    runtime: python3.9
+    timeout: 60
+    vpcConfig:
+    - securityGroupIdSelector:
+        matchLabels:
+          testing.upbound.io/example-name: example
+      subnetIdSelector:
+        matchLabels:
+          testing.upbound.io/example-name: example
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: Role
+metadata:
+  annotations:
+    meta.upbound.io/example-id: lambda/v1beta1/permission
+  labels:
+    testing.upbound.io/example-name: role
+  name: example-permission
+spec:
+  forProvider:
+    assumeRolePolicy: |
+      {
+        "Version": "2012-10-17",
+        "Statement": [
+          {
+            "Action": "sts:AssumeRole",
+            "Principal": {
+              "Service": ["ec2.amazonaws.com", "lambda.amazonaws.com"]
+            },
+            "Effect": "Allow",
+            "Sid": ""
+          }
+        ]
+      }
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: Policy
+metadata:
+  annotations:
+    meta.upbound.io/example-id: lambda/v1beta1/permission
+  labels:
+    testing.upbound.io/example-name: policy
+  name: example-permission
+spec:
+  forProvider:
+    policy: |
+      {
+        "Version": "2012-10-17",
+        "Statement": [
+          {
+            "Action": [
+                "ec2:DescribeVpcEndpoints",
+                "ec2:DescribeRouteTables",
+                "ec2:CreateNetworkInterface",
+                "ec2:DeleteNetworkInterface",
+                "ec2:DescribeSecurityGroups",
+                "ec2:DescribeSubnets",
+                "ec2:DescribeVpcAttribute",
+                "ec2:DescribeNetworkInterfaces"
+            ],
+            "Effect": "Allow",
+            "Resource": "*"
+          }
+        ]
+      }
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: RolePolicyAttachment
+metadata:
+  annotations:
+    meta.upbound.io/example-id: lambda/v1beta1/permission
+  name: example-permission
+  labels:
+    testing.upbound.io/example-name: policy-attachment
+spec:
+  forProvider:
+    policyArnSelector:
+      matchLabels:
+        testing.upbound.io/example-name: policy
+    roleSelector:
+      matchLabels:
+        testing.upbound.io/example-name: role
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Subnet
+metadata:
+  annotations:
+    meta.upbound.io/example-id: lambda/v1beta1/permission
+  labels:
+    testing.upbound.io/example-name: example
+  name: example-permission
+spec:
+  forProvider:
+    region: us-west-1
+    vpcIdRef:
+      name: example-permission
+    cidrBlock: 172.16.10.0/24
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: SecurityGroup
+metadata:
+  annotations:
+    meta.upbound.io/example-id: lambda/v1beta1/permission
+  labels:
+    testing.upbound.io/example-name: example
+  name: example-permission
+spec:
+  forProvider:
+    description: Allow TLS inbound traffic
+    name: allow_tls
+    tags:
+      Name: allow_tls
+    region: us-west-1
+    vpcIdRef:
+      name: example-permission
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: VPC
+metadata:
+  annotations:
+    meta.upbound.io/example-id: lambda/v1beta1/permission
+  labels:
+    testing.upbound.io/example-name: example
+  name: example-permission
+spec:
+  forProvider:
+    region: us-west-1
+    cidrBlock: 172.16.0.0/16
+    tags:
+      Name: example-permission