Adding an inline policy to an AWS SAM template

Time: 2019-12-09 13:15:01

Tags: amazon-web-services aws-lambda amazon-iam aws-sam

I am creating a serverless application using a SAM template.

Using the Policies key under the resource's Properties, I can add standard (managed) policies, as shown below:

Resources:
  QueryFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: query/
      Handler: app.lambda_handler
      Policies:
        - AmazonDynamoDBFullAccess
        - AWSLambdaVPCAccessExecutionRole
      Runtime: python3.7

The problem is that I need to attach an inline policy that only grants access to a specific DynamoDB table.

How do I put this inline policy in the template?

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "dynamodb:*",
            "Resource": "dynamo_db_table_endpoint"
        }
    ]
}

Thanks

1 answer:

Answer 0 (score: 1)

Try this:

QueryFunction:
  Type: AWS::Serverless::Function
  Properties:
    CodeUri: query/
    Handler: app.lambda_handler
    Policies:
      - AmazonDynamoDBFullAccess
      - AWSLambdaVPCAccessExecutionRole
      - Version: '2012-10-17' # Policy Document
        Statement:
          - Effect: Allow
            Action:
              - dynamodb:*
            Resource: 'arn:aws:dynamodb:*:*:table/dynamo_db_table_endpoint'
    Runtime: python3.7

Reference: Amazon DynamoDB: Allows Access to a Specific Table

If you want to pass your tableName as a parameter, change Resource: 'arn:aws:dynamodb:*:*:table/dynamo_db_table_endpoint' to Resource: !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}'

Hope this helps
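As an added example (not part of the question or the answer above), here is a complete SAM template that declares the table in the same stack, points the inline policy at that table's ARN and its indexes, and narrows the actions from dynamodb:* to the ones the function needs. It also leaves out AmazonDynamoDBFullAccess: keeping that managed policy next to the inline one would still grant full access to every table, so the inline restriction would change nothing. The parameter TableName, the resource QueryTable and the action list are my assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Parameters:
  TableName:
    Type: String
    Default: query-items   # constructed sample value, assumed name

Resources:
  # Assumed table resource; if the table lives outside this stack, use the
  # !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${TableName}'
  # form from the answer instead of !GetAtt.
  QueryTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: !Ref TableName
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: id
          AttributeType: S
      KeySchema:
        - AttributeName: id
          KeyType: HASH

  QueryFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: query/
      Handler: app.lambda_handler
      Runtime: python3.7
      Policies:
        # Managed policy for VPC networking only. AmazonDynamoDBFullAccess is
        # deliberately omitted so the inline statement below is the only
        # DynamoDB grant the execution role receives.
        - AWSLambdaVPCAccessExecutionRole
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:               # assumed minimal set for a query function
                - dynamodb:GetItem
                - dynamodb:Query
                - dynamodb:PutItem
                - dynamodb:UpdateItem
              Resource:
                - !GetAtt QueryTable.Arn                 # the table itself
                - !Sub '${QueryTable.Arn}/index/*'       # its secondary indexes
```

After `sam deploy`, the resulting execution role can be inspected in IAM to confirm that the only DynamoDB statement is scoped to the QueryTable ARN.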