stackoom
  简体   繁体   中英

Why I am getting IamRoleLambdaExecution error when creating a lambda function with dynamodb and s3 bucket?

 原文  2022-12-16 10:32:18       amazon-web-services/ serverless/ aws-serverless

Question

I am using dynamodb and s3 object, in my lambda function. I am getting IamRoleLambdaExecution, error when I try to deploy the lambda function.

The full error says

Actions/Conditions must be prefaced by a vendor, e.g., iam, sdb, ec2, etc. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: e1083796-7b8d-45d2-a9ac-8a9f01f78a6a; Proxy: null)

Here is my serverless.yaml

service: serverless-gpt-app

frameworkVersion: "3"

provider:
  name: aws
  stage: prod
  region: eu-central-1
  runtime: nodejs14.x
  memorySize: 256

  iam:
    role:
      statements:
        - Effect: Allow
          Action:
            - dynamodb:DescribeTable
            - dynamodb:Query
            - dynamodb:Scan
            - dynamodb:GetItem
            - dynamodb:PutItem
            - dynamodb:UpdateItem
            - dynamodb:DeleteItem
            - s3*
          Resource:
            - arn:aws:s3:::user-text-bucket/*
            - arn:aws:dynamodb:eu-central-1:183747912409:table/user-text


functions:
  hello:
    handler: app.server
    events: # events trigger lambda functions
      - http: # this is an API Gateway HTTP event trigger
          path: /
          method: ANY
          cors: true
      - http: # all routes get proxied to the Express router
          path: /{proxy+}
          method: ANY
          cors: true

1 answers

solution1
 0  2022-12-16 13:31:30

It should be like below with s3:* and with separate statements for different resources:

iam:
    role:
      statements:
        - Effect: Allow
          Action:
            - dynamodb:DescribeTable
            - dynamodb:Query
            - dynamodb:Scan
            - dynamodb:GetItem
            - dynamodb:PutItem
            - dynamodb:UpdateItem
            - dynamodb:DeleteItem
          Resource:
            - arn:aws:dynamodb:eu-central-1:183747912409:table/user-text
        - Effect: Allow
          Action:
            - s3:*
          Resource:
            - arn:aws:s3:::user-text-bucket/*

Formatting may need adjusting as it's written from my phone.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question I am getting multer error : unexpected field when i was trying to upload files in aws s3 bucket Know when upload to s3 bucket is complete AWS S3 bucket notification lambda throws exception (Service: Amazon S3; Status Code: 404; Error Code: NoSuchKey) AWS Lambda function processes same dynamodb stream multiple times. What am I missing? Upload Image into S3 bucket using Api Gateway, Lambda funnction How can I decode a .gz file from S3 using an AWS Lambda function? How to ignore S3 Bucket Already Owned By You error Error uploading from Laravel 5.4 to S3 bucket Backup AWS Dynamodb to S3 Delete a bucket in S3
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM