堆栈内存溢出
  简体   繁体   English

如何使用 lambda function AWS SAM 添加策略以访问密钥

[英]How to add policy to access secret with lambda function AWS SAM

 原文  2021-01-18 15:19:00       amazon-web-services

问题描述

I am trying to give access permission of secret manager to my lambda function in SAM template but it is giving me error that policy statement is malformed.我正在尝试在 SAM 模板中向我的 lambda function 授予秘密管理器的访问权限,但它给我的错误是策略声明格式错误。

     Policies:
      - Statement:
      - Sid: AWSSecretsManagerGetSecretValuePolicy
        Effect: Allow
        Action: secretsmanager:GetSecretValue
        Resource: <arn >

Can some one let me know the correct way of adding policy to my lambda function.有人可以告诉我向我的 lambda function 添加策略的正确方法吗? I am using SAM template (Type: AWS::Serverless::Function)我正在使用 SAM 模板(类型:AWS::Serverless::Function)

4 个解决方案

解决方案1
 0  2021-01-18 15:52:36

There are SAM Policy Templates where one of them is AWSSecretsManagerGetSecretValuePolicy you can use them directly in the definition.SAM 策略模板,其中之一是AWSSecretsManagerGetSecretValuePolicy ,您可以直接在定义中使用它们。

Or if you wanna manage the policies yourself.或者,如果您想自己管理政策。

    QueryFunction:
        Type: AWS::Serverless::Function
        Properties:
        Handler: lambda_handler.lambda
        Policies:
            - AmazonDynamoDBFullAccess
            - AWSLambdaVPCAccessExecutionRole
            - SSMParameterReadPolicy:
                ParameterName: parameter_name
            - Statement:
                - Effect: Allow
                Action:
                    - dynamodb:*
                Resource: 'resource_arn'
        Runtime: python3.7

解决方案2
 0  2021-05-07 12:43:50

Try this:尝试这个:

    Policies:
      - Version: '2012-10-17'
        Statement:
          - Sid: AWSSecretsManagerGetSecretValuePolicy
            Effect: Allow
            Action: secretsmanager:GetSecretValue
            Resource: <arn >

解决方案3
 0  2021-05-19 14:46:54

This policy on the lambda works for me (YAML) lambda 上的此政策适用于我 (YAML)

Policies:
  - AWSSecretsManagerGetSecretValuePolicy:
      SecretArn:
        Ref: THE_NAME_YOU_GAVE_YOUR_SECRET_RESOURCE

解决方案4
 0  2021-09-17 22:03:30

This policy only accepts ARN of a secret, so secret name will not work.此策略仅接受密钥的 ARN,因此密钥名称不起作用。 https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-policy-template-list.html#secrets-manager-get-secret-value-policy https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-policy-template-list.html#secrets-manager-get-secret-value-policy

Below works for me.下面对我有用。

Resources:  
MyFunction:
Type: AWS::Serverless::Function
Properties:
  CodeUri: MyProject/
  Handler: app
  Policies:
    - AWSSecretsManagerGetSecretValuePolicy:
        SecretArn: 'arn:aws:secretsmanager:####'

or passing it as a parameter或将其作为参数传递

    - AWSSecretsManagerGetSecretValuePolicy:
        SecretArn: !Ref RdsSecretArn

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用 AWS SAM 将基于资源的策略添加到 lambda - How to add a resource based policy to a lambda using AWS SAM aws Lambda 函数访问策略 - aws Lambda function access policy 如何通过 AWS SAM 提供 Lambda S3 策略 - How to provide Lambda S3 policy via AWS SAM AWS SAM-如何将参数传递给Lambda函数 - AWS SAM - How to pass parameters to Lambda Function 如何从 aws lambda function 隐藏密钥和访问 ID? - How to hide secret keys and access ID from aws lambda function? SAM 模板中的 AWS AppConfig 验证 Lambda 策略 - AWS AppConfig Validation Lambda Policy in SAM Template 以编程方式设置 AWS lambda 函数访问策略 - AWS lambda set function access policy programmatically 将内联策略添加到 aws SAM 模板 - Add inline policy to aws SAM template 如何使用 AWS SAM 更新现有 lambda function - How to update existing lambda function using AWS SAM 如何读取 .NET lambda 函数中的 aws sam 参数 - How to read aws sam parameter in .NET lambda function
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM