我有以下serverless.yml文件,当我部署它时,我在product-image-dev存储桶上拒绝了权限,如何在iamRoleStatements中设置权限,或者必须在其他地方设置权限。
service: imagecrops
provider:
name: aws
runtime: nodejs4.3
memorySize: 1024
timeout: 20
satege: dev
iamRoleStatements:
- Effect: "Allow"
Action:
- "s3:*"
Resource:
- { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "ServerlessDeploymentBucket" } ]]}
package:
include:
- bin
- libs
exclude:
- tests
- serverless-nodejs-image
functions:
cropImage:
handler: handler.cropImage
description: Crops images, from S3 bucket and puts into new folder
events:
- s3:
bucket: product-images-dev
event: s3:ObjectCreated:*
rules:
- prefix: uploads/
答案 0 :(得分:7)
我更改了我的serverless.yml文件,如下所示,它开始阅读。
service: imagecrops
provider:
name: aws
runtime: nodejs4.3
memorySize: 1024
timeout: 20
satege: dev
iamRoleStatements:
- Effect: "Allow"
Action:
- "s3:*"
Resource:
- { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "ServerlessDeploymentBucket" } ]]}
- "arn:aws:s3:::product-images-dev/*"
package:
include:
- bin
- libs
exclude:
- tests
- serverless-nodejs-image
functions:
cropImage:
handler: handler.cropImage
description: Crops images, from S3 bucket and puts into new folder
events:
- s3:
bucket: product-images-dev
event: s3:ObjectCreated:*
rules:
- prefix: uploads/