堆栈内存溢出
  简体   繁体   English

如何通过 AWS SAM 提供 Lambda S3 策略

[英]How to provide Lambda S3 policy via AWS SAM

 原文  2021-04-16 13:53:35       amazon-web-services/ amazon-s3/ lambda/ amazon-cloudformation/ aws-sam

问题描述

I'm trying to provide my Lambda function with the S3FullAccessPolicy policy.我正在尝试为我的 Lambda function 提供 S3FullAccessPolicy 策略。 Note the target bucket is not configured within the template.yaml - it already exists.请注意,目标存储桶未在template.yaml中配置。yaml - 它已经存在。 Considering the syntax examples from this documentation I have three options:考虑到本文档中的语法示例,我有三个选项:

1.AWS managed policy named: 1.AWS托管策略命名:

  Policies:
  - S3FullAccessPolicy

2.AWS SAM policy template (SQSPollerPolicy) defined: 2.AWS SAM策略模板(SQSPollerPolicy)定义:

Policies:
  - S3FullAccessPolicy:
      BucketName: abc-bucket-name

3.Or an inline policy document: 3.或内联政策文件:

  Policies:
  - Statement:
    ...

In trying #1 I get an error that says it seems to suggest I need to provide an arn.在尝试 #1 时,我收到一个错误,提示我需要提供一个 arn。 If this is the case where would I provide it?如果是这种情况,我将在哪里提供? The error:错误:

1 validation error detected: Value 'S3FullAccessPolicy' at 'policyArn' failed to satisfy constraint:
 Member must have length greater than or equal to 20

For #2 I provide the bucket name but it says that the policy is 'invalid'.对于#2,我提供了存储桶名称,但它表示该策略“无效”。 I've tried adding quotes and replacing the name with an arn - but no luck.我尝试添加引号并用 arn 替换名称 - 但没有运气。

And #3 - I can find the code for the policy here but that's in yaml so I wonder if that's even what I'm supposed to be using.和#3 - 我可以在这里找到该政策的代码,但那是在 yaml 所以我想知道这是否是我应该使用的。

What am I missing here?我在这里想念什么? I'm open to using any one of these options but right now I'm 0/3.我愿意使用这些选项中的任何一个,但现在我是 0/3。

The full Lambda function:完整的 Lambda function:

  testFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: lambda/testFunction/
      Handler: app.lambda_handler
      Runtime: python3.8
      Timeout: 900
      Policies:
        - S3FullAccessPolicy

1 个解决方案

解决方案1
 2 已采纳  2021-04-16 20:13:30

I used below template without any issues.我使用下面的模板没有任何问题。

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31


Resources:
  HelloWorldFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./hello_world/
      Handler: app.lambda_handler
      Runtime: python3.8
      Tracing: Active
      Policies:
        - S3FullAccessPolicy:
            BucketName: existingbucketname # bucket name without arn

Ran it using below command and it deployed successfully.使用以下命令运行它并成功部署。

sam deploy --stack-name sample-stack --s3-bucket bucket-to-deploy --capabilities CAPABILITY_IAM

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何通过写入 S3 存储桶的 SAM 本地运行 AWS lambda? - How to run a AWS lambda via SAM local that writes to an S3 bucket? AWS SAM 让 lambda 访问 dynamodb 和 S3 - AWS SAM give lambda access to dynamodb and S3 上载到S3的AWS SAM Lambda函数返回无效响应 - AWS SAM Lambda function to upload to S3 returns invalid response AWS SAM 无法调用 Rekognition 并从 Lambda 访问 S3 - AWS SAM Unable to call Rekognition and access S3 from Lambda AWS SAM 模板:问题将 S3 事件映射到 Lambda - AWS SAM Template: Issue mapping S3 events to Lambda 如何使用 lambda function AWS SAM 添加策略以访问密钥 - How to add policy to access secret with lambda function AWS SAM 如何使用 AWS SAM 将基于资源的策略添加到 lambda - How to add a resource based policy to a lambda using AWS SAM 如何通过 AWS CLI 更新 Amazon S3 存储桶策略? - How to update an Amazon S3 Bucket Policy via the AWS CLI? SAM 模板中的 AWS AppConfig 验证 Lambda 策略 - AWS AppConfig Validation Lambda Policy in SAM Template 如何在 AWS SAM 模板中限制对 S3 存储桶的公共访问 - How restrict public access to S3 Bucket in AWS SAM Template
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM