I am using dynamodb and s3 object, in my lambda function. I am getting IamRoleLambdaExecution, error when I try to deploy the lambda function.
The full error says
Actions/Conditions must be prefaced by a vendor, e.g., iam, sdb, ec2, etc. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: e1083796-7b8d-45d2-a9ac-8a9f01f78a6a; Proxy: null)
Here is my serverless.yaml
service: serverless-gpt-app
frameworkVersion: "3"
provider:
name: aws
stage: prod
region: eu-central-1
runtime: nodejs14.x
memorySize: 256
iam:
role:
statements:
- Effect: Allow
Action:
- dynamodb:DescribeTable
- dynamodb:Query
- dynamodb:Scan
- dynamodb:GetItem
- dynamodb:PutItem
- dynamodb:UpdateItem
- dynamodb:DeleteItem
- s3*
Resource:
- arn:aws:s3:::user-text-bucket/*
- arn:aws:dynamodb:eu-central-1:183747912409:table/user-text
functions:
hello:
handler: app.server
events: # events trigger lambda functions
- http: # this is an API Gateway HTTP event trigger
path: /
method: ANY
cors: true
- http: # all routes get proxied to the Express router
path: /{proxy+}
method: ANY
cors: true
It should be like below with s3:*
and with separate statements for different resources:
iam:
role:
statements:
- Effect: Allow
Action:
- dynamodb:DescribeTable
- dynamodb:Query
- dynamodb:Scan
- dynamodb:GetItem
- dynamodb:PutItem
- dynamodb:UpdateItem
- dynamodb:DeleteItem
Resource:
- arn:aws:dynamodb:eu-central-1:183747912409:table/user-text
- Effect: Allow
Action:
- s3:*
Resource:
- arn:aws:s3:::user-text-bucket/*
Formatting may need adjusting as it's written from my phone.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.