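In my SAM template yaml I have a custom AWS::IAM::ManagedPolicy attached to an AWS::Serverless::Function. The managed policy has the resource it allows set through a parameter with !Sub. When I redeploy this stack after changing the parameter value, it doesn't actually update the managed policy in the change set. Any ideas?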

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31 # allows for AWS SAM defined objects
Description: Serverless for Data Science Platform
Parameters:
  MyLambdaParam:
    Type: String
    Default: "sagemaker-endpoint-name"
    Description: SageMaker endpoint's name
...
  MyLambdaFunction:
    Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
    Properties:
      CodeUri: mylambda/
      Handler: app.lambda_handler
      Runtime: python3.7
      FunctionName: !Sub "${AWS::StackName}-ODSP"
      Description: Transforms input and passes along to SageMaker for MyLambda
      Policies:
        - KMSDecryptPolicy:
            KeyId: !Ref KMSKeyId
        - !Ref SageMakerInvokeEndpointPolicy
...
  SageMakerInvokeEndpointPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: "Allow"
            Action:
              - "sagemaker:InvokeEndpoint"
            Resource:
              - !Sub "arn:aws:sagemaker:${AWS::Region}:${AWS::AccountId}:endpoint/${MyLambdaParam}"