我有此模板可将.net核心Web api部署到无服务器的AWS中。我想设置lambda函数(不是api-gateway)的基于资源的策略。现在,它会自动以这样的条件生成
"Condition": {
"ArnLike": {
"AWS:SourceArn": "arn:aws:execute-api:region:accountid:id/*/*/*"
}
}
我只是不想让它全部允许
/*/*/*
,并希望根据我的需要进行自定义。
serverless.template文件
{
"AWSTemplateFormatVersion": "2010-09-09",
"Transform": "AWS::Serverless-2016-10-31",
"Description": "",
"Parameters": {
"LambdaExecutionRole": {
"Type": "String",
"Description": ""
},
"EnvironmentName": {
"Type": "String",
"Description": ""
}
},
"Globals":{
"Api": {
"BinaryMediaTypes": ["multipart/form-data"],
"Cors": {
"AllowMethods": "'GET,POST,PUT,DELETE,OPTIONS'",
"AllowHeaders": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,entity-context,user-context'",
"AllowOrigin": "'*'",
"AllowCredentials": "'true'"
}
}
},
"Resources": {
"ACEApi": {
"Type": "AWS::Serverless::Function",
"Properties": {
"FunctionName": "Api",
"Handler": "ACE.Api.Aws.Serverless::Api.Aws.Serverless.LambdaEntryPoint::FunctionHandlerAsync",
"Runtime": "dotnetcore2.1",
"CodeUri": "",
"MemorySize": 512,
"Timeout": 60,
"Environment" : {
"Variables" : {
"ASPNETCORE_ENVIRONMENT": { "Ref" : "EnvironmentName" }
}
},
"Role": {
"Ref": "LambdaExecutionRole"
},
"Events": {
"proxy": {
"Type": "Api",
"Properties": {
"Path": "/{proxy+}",
"Method": "any"
}
}
}
}
}
},
"Outputs": {
"ApiURL": {
"Description": "API endpoint URL for Prod environment",
"Value": {
"Fn::Sub": "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/"
}
}
}
}