[英]Add inline policy to aws SAM template
I'm using SAM Template to create my serverless application.我正在使用 SAM 模板来创建我的无服务器应用程序。
Using the tag Policies
under the properties of the resource I can add standard policies like this:使用资源属性下的标签Policies
,我可以添加如下标准策略:
Resources:
QueryFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: query/
Handler: app.lambda_handler
Policies:
- AmazonDynamoDBFullAccess
- AWSLambdaVPCAccessExecutionRole
Runtime: python3.7
The problem is that I need to attach an inline policy to access only a specific DynamoDB table.问题是我需要附加内联策略才能仅访问特定的 DynamoDB 表。
How can i put this inline policy in the template?如何将此内联策略放入模板中?
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "dynamodb:*",
"Resource": "dynamo_db_table_endpoint"
}
]
}
Thanks谢谢
Try this:尝试这个:
QueryFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: query/
Handler: app.lambda_handler
Policies:
- AmazonDynamoDBFullAccess
- AWSLambdaVPCAccessExecutionRole
- Version: '2012-10-17' # Policy Document
Statement:
- Effect: Allow
Action:
- dynamodb:*
Resource: 'arn:aws:dynamodb:*:*:table/dynamo_db_table_endpoint'
Runtime: python3.7
Amazon DynamoDB: Allows Access to a Specific Table Amazon DynamoDB:允许访问特定表
If you would like to pass your tableName as parameter change Resource: 'arn:aws:dynamodb:*:*:table/dynamo_db_table_endpoint'
to Resource: !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}'
如果您想将tableName作为参数更改Resource: 'arn:aws:dynamodb:*:*:table/dynamo_db_table_endpoint'
传递给Resource: !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}'
Hope this helps希望这可以帮助
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.