难以让角色访问两个表。 template.yaml的示例YAML:
Resources:
MyFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: path/to/something
Handler: index.handler
Runtime: nodejs10.x
Events:
Get:
Type: Api
Properties:
RestApiId: !Ref MyApi
Path: /path/to/other/thing
Method: post
Policies:
DynamoDBCrudPolicy:
TableName:
table1
table2
我需要此功能才能在table1和table2上进行读取/写入,但这不起作用。我尝试过:
- table1
- table2
但这也不起作用。还尝试过:
Policies:
- DynamoDBCrudPolicy:
TableName:
table1
- DynamoDBCrudPolicy:
TableName:
table2
但是那也错了。如何正确执行此操作?
答案 0 :(得分:2)
您遇到什么错误?好像您错过了TableName
的缩进,请尝试以下方法:
Policies:
- DynamoDBCrudPolicy:
TableName: table1
- DynamoDBCrudPolicy:
TableName: table2
PS:我可以将其写到注释中,但是代码格式不正确
答案 1 :(得分:0)
我要做的是像这样为lambda函数创建一个角色:
Resources:
MyFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: path/to/something
Handler: index.handler
Runtime: nodejs10.x
Events:
Get:
Type: Api
Properties:
RestApiId: !Ref MyApi
Path: /path/to/other/thing
Method: post
Role: !GetAtt MyDynamoDBRole.Arn
然后将策略附加到该角色。像这样:
MyDynamoDBRole:
Type: AWS::IAM::Role
Properties:
Path: "/"
Policies:
-
PolicyName: "myDynamoDBPolicy"
PolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Action:
- "dynamodb:BatchGetItem"
- "dynamodb:BatchWriteItem"
- "dynamodb:PutItem"
- "dynamodb:GetItem"
- "dynamodb:Scan"
- "dynamodb:Query"
- "dynamodb:UpdateItem"
- "dynamodb:UpdateTable"
- "dynamodb:GetRecords"
Resource: "arn:aws:dynamodb:us-east-1:123456789012:table/table1"
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
-
Effect: Allow
Principal:
Service:
- dynamodb.amazonaws.com
Action: sts:AssumeRole
请注意:,您可能需要调整特定权限以适合您的用例,上面的代码仅是一个示例,用于说明我建议的结构。