Adding additional separate IAM policies to serverless yaml to extend a managed policy

Time: 2017-11-30 15:50:05

Tags: amazon-iam amazon-kinesis serverless-framework

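I have a managed policy that allows read access to a Kinesis stream (AWSLambdaKinesisExecutionRole), and I am trying to add additional permissions to allow write access (PutRecord, PutRecords) to the Kinesis stream.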

My serverless.yml currently looks like this:

resources:
  Resources:
    kinesisFullAccessRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: kinesis-full-access-role
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: sts:AssumeRole
        ManagedPolicyArns:
          - arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole
        Policies:
          - PolicyName: kinesis-write-access
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action:
                    - kinesis:PutRecord
                    - kinesis:PutRecords
                  Resource:
                    - "arn:<some_arn>:stream/inbound-message-stream-dev"

I am still getting the "is not authorized to perform: kinesis:PutRecord on resource" error. What am I doing wrong?

1 Answer:

Answer 0: (score: 0)

If your Serverless creates the IAM role by itself, then you should specify var waitForElement = new WebDriverWait(_driver, TimeSpan.FromSeconds(5)); waitForElement.Until(driver =>_driver.ExecuteJavaScript<string>("return document.readyState").ToString() == "complete"); as shown here

But it can be easier to create the IAM role in the AWS console and manage it yourself, and use it like here
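
Added example, not part of the original question or answer: a role declared under `resources` is only created by CloudFormation, and functions keep using the default role Serverless generates unless `role` points at the custom one. The sketch below attaches the question's role through `provider.role`; the service name, function name, handler and runtime are assumptions.

```yaml
service: kinesis-writer            # hypothetical service name

provider:
  name: aws
  runtime: nodejs6.10              # assumption; use the runtime of your handler
  # Logical ID of the AWS::IAM::Role resource defined below. Without this
  # line the functions run under the role Serverless generates itself.
  role: kinesisFullAccessRole
  # Alternative (instead of `role`): extend the role Serverless generates.
  # iamRoleStatements:
  #   - Effect: Allow
  #     Action: [kinesis:PutRecord, kinesis:PutRecords]
  #     Resource: "arn:<some_arn>:stream/inbound-message-stream-dev"

functions:
  producer:                        # hypothetical function
    handler: handler.producer      # hypothetical handler
    # role: kinesisFullAccessRole  # per-function alternative to provider.role

resources:
  Resources:
    kinesisFullAccessRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: kinesis-full-access-role
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: sts:AssumeRole
        ManagedPolicyArns:
          # Read access to the stream plus CloudWatch Logs permissions
          - arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole
        Policies:
          - PolicyName: kinesis-write-access
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action:
                    - kinesis:PutRecord
                    - kinesis:PutRecords
                  Resource:
                    - "arn:<some_arn>:stream/inbound-message-stream-dev"
```

After deploying, the role named in the "is not authorized" error message shows which role the function actually assumed, which confirms whether the custom role is in use.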