Add inline policy to aws SAM template
Question
I'm using SAM Template to create my serverless application.
Using the tag Policies under the properties of the resource I can add standard policies like this:
Resources:
QueryFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: query/
Handler: app.lambda_handler
Policies:
- AmazonDynamoDBFullAccess
- AWSLambdaVPCAccessExecutionRole
Runtime: python3.7
The problem is that I need to attach an inline policy to access only a specific DynamoDB table.
How can i put this inline policy in the template?
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "dynamodb:*",
"Resource": "dynamo_db_table_endpoint"
}
]
}
Thanks
1 answers
solution1
9 ACCPTED 2019-12-09 13:42:10
Try this:
QueryFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: query/
Handler: app.lambda_handler
Policies:
- AmazonDynamoDBFullAccess
- AWSLambdaVPCAccessExecutionRole
- Version: '2012-10-17' # Policy Document
Statement:
- Effect: Allow
Action:
- dynamodb:*
Resource: 'arn:aws:dynamodb:*:*:table/dynamo_db_table_endpoint'
Runtime: python3.7
Amazon DynamoDB: Allows Access to a Specific Table
If you would like to pass your tableName as parameter change Resource: 'arn:aws:dynamodb:*:*:table/dynamo_db_table_endpoint' to Resource: !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}'
Hope this helps
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.