AWS AppSync IAM DynamoDb角色

时间:2018-03-11 23:18:25

标签: amazon-dynamodb amazon-iam aws-appsync

我正在尝试创建一个简单的IAM角色,让我的AppSync服务连接到我的DynamoDb数据库,但由于AppSync处于预览状态,因此IAM无法将AppSync识别为服务。如何创建IAM角色以使AppSync具有对DynamoDb的完全访问权限?

1 个答案:

答案 0 :(得分:8)

信任关系方面看起来像这样

示例受信任的关系文档 

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "appsync.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

政策文件与

基本相同

示例政策文档 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:GetItem",
                "dynamodb:Query",
                "dynamodb:Scan"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

如果您使用的是CloudFormation模板,则可能如下所示

示例CloudFormation模板 

  AppSyncRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: "Allow"
            Principal:
              Service:
                - "appsync.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      Policies:
        -
          PolicyName: "appsync-policy"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "dynamodb:PutItem"
                  - "dynamodb:UpdateItem"
                  - "dynamodb:DeleteItem"
                  - "dynamodb:GetItem"
                  - "dynamodb:Query"
                  - "dynamodb:Scan"
                Resource: "*"
相关问题
最新问题