我能够使用serverless.yml:
iamRoleStatements:
- Effect: "Allow"
Action:
- "sqs:SendMessage"
- "sqs:ListQueues"
Resource: "arn:aws:sqs:us-east-1:*:*"
但我想将它仅应用于某个功能。我怎么能这样做?
答案 0 :(得分:0)
从docs开始,您需要在resources下创建函数角色,并在函数中引用此新角色。
示例:
service: my-test
provider:
name: aws
runtime: nodejs6.10
functions:
hello:
role: mySQSRole
handler: handler.hello
resources:
Resources:
mySQSRole:
Type: AWS::IAM::Role
Properties:
RoleName: mySQSRole
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: myPolicyName
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- sqs:SendMessage
- sqs:ListQueues
Resource: "arn:aws:sqs:us-east-1:*:*"