
How to add policy to access secret with lambda function AWS SAM

I am trying to give my Lambda function permission to access Secrets Manager in my SAM template, but it gives me an error that the policy statement is malformed.

     Policies:
      - Statement:
      - Sid: AWSSecretsManagerGetSecretValuePolicy
        Effect: Allow
        Action: secretsmanager:GetSecretValue
        Resource: <arn >

Can someone let me know the correct way of adding a policy to my Lambda function? I am using a SAM template (Type: AWS::Serverless::Function).

There are SAM Policy Templates, one of which is AWSSecretsManagerGetSecretValuePolicy; you can use them directly in the function definition.

Or, if you want to manage the policies yourself:

    QueryFunction:
      Type: AWS::Serverless::Function
      Properties:
        Handler: lambda_handler.lambda
        Policies:
          - AmazonDynamoDBFullAccess
          - AWSLambdaVPCAccessExecutionRole
          - SSMParameterReadPolicy:
              ParameterName: parameter_name
          - Statement:
              - Effect: Allow
                Action:
                  - dynamodb:*
                Resource: 'resource_arn'
        Runtime: python3.7

Try this:

    Policies:
      - Version: '2012-10-17'
        Statement:
          - Sid: AWSSecretsManagerGetSecretValuePolicy
            Effect: Allow
            Action: secretsmanager:GetSecretValue
            Resource: <arn >

This policy on the Lambda works for me (YAML):

    Policies:
      - AWSSecretsManagerGetSecretValuePolicy:
          SecretArn:
            Ref: THE_NAME_YOU_GAVE_YOUR_SECRET_RESOURCE

This policy template only accepts the ARN of a secret, so a secret name will not work: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-policy-template-list.html#secrets-manager-get-secret-value-policy

The following works for me:

    Resources:
      MyFunction:
        Type: AWS::Serverless::Function
        Properties:
          CodeUri: MyProject/
          Handler: app
          Policies:
            - AWSSecretsManagerGetSecretValuePolicy:
                SecretArn: 'arn:aws:secretsmanager:####'

Or passing it in as a parameter:

    - AWSSecretsManagerGetSecretValuePolicy:
        SecretArn: !Ref RdsSecretArn
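The two forms the answers above use (the `AWSSecretsManagerGetSecretValuePolicy` policy template, and a hand-written `Statement`) side by side in one complete SAM template. This is an added example, not code from any of the answers. The secret resource `DbCredentials`, the function name, `CodeUri`, handler and runtime are assumptions; the point it shows is that `Ref` on an `AWS::SecretsManager::Secret` resource yields the secret's ARN (which is what `SecretArn` requires), and that each statement's keys must sit under the list item, which is where the question's snippet went wrong. Both forms grant the same single permission scoped to one secret; in practice you would keep only one of them.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  # Assumed secret resource. Ref on AWS::SecretsManager::Secret returns the secret's ARN,
  # including the random suffix Secrets Manager appends, so it can be passed to SecretArn.
  DbCredentials:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: example/db-credentials
      GenerateSecretString:
        SecretStringTemplate: '{"username": "app"}'
        GenerateStringKey: password
        ExcludePunctuation: true

  ReadSecretFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/                 # assumed path
      Handler: app.lambda_handler   # assumed handler
      Runtime: python3.12
      Environment:
        Variables:
          SECRET_ARN: !Ref DbCredentials   # the handler reads the ARN from here
      Policies:
        # Form 1: SAM policy template. SecretArn must be an ARN, not a secret name.
        - AWSSecretsManagerGetSecretValuePolicy:
            SecretArn: !Ref DbCredentials

        # Form 2: equivalent hand-written IAM statement. Sid/Effect/Action/Resource
        # are nested under the "- " list item, not siblings of "Statement".
        # Resource is this one secret's ARN rather than '*', so the function cannot
        # read other secrets in the account if its code or dependencies are compromised.
        - Version: '2012-10-17'
          Statement:
            - Sid: ReadDbCredentials
              Effect: Allow
              Action: secretsmanager:GetSecretValue
              Resource: !Ref DbCredentials
```

`sam validate` will reject the question's original indentation (the statement keys end up as a second list entry with no `Statement` key) but accepts both forms above. If the secret lives in another stack or account, replace the `!Ref` with a template parameter holding the full ARN, as the last answer does with `RdsSecretArn`; a bare secret name still fails the policy template's validation.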
