我正在尝试使用AWS SAM构建基于AWS lambda的应用程序。在部署时,我注意到为lambda创建的IAM策略之一具有错误的ARN。如下所示(格式不正确):
{
"Statement": [
{
"Action": [
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:BatchWriteItem"
],
"Resource": [
"arn:aws:dynamodb:ap-south-1:286214033472:table/arn:aws:dynamodb:ap-south-1:286214033472:table/damoLambda-DynamoDBTable-11I5VYQXQKPHH",
"arn:aws:dynamodb:ap-south-1:286214033472:table/arn:aws:dynamodb:ap-south-1:286214033472:table/damoLambda-DynamoDBTable-11I5VYQXQKPHH/index/*"
],
"Effect": "Allow"
}
]
}
DynamoDB表本身是由SAM模板创建的,并在lambda策略部分中进行了引用,如下所示:
TestFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: FileExtractorFunction
Handler: helloworld.App::handleRequest
Runtime: java8
MemorySize: 512
Policies:
- CloudWatchPutMetricPolicy: {}
- S3ReadPolicy:
BucketName: !Ref S3BucketName
- DynamoDBWritePolicy:
TableName: !GetAtt DynamoDBTable.Arn
Environment:
Variables:
DynamoDB_Table_Name: !Ref DynamoDBTable
........................................
........................................
........................................
DynamoDBTable:
Type: AWS::DynamoDB::Table
Properties:
AttributeDefinitions:
- AttributeName: id
AttributeType: S
KeySchema:
- AttributeName: id
KeyType: HASH
ProvisionedThroughput:
ReadCapacityUnits: 5
WriteCapacityUnits: 5
“政策”部分的所有内容均按预期工作。
对于策略部分,我不确定这是AWS错误还是做错了。
答案 0 :(得分:0)
我解决了,这仅仅是因为我将!GetAtt DynamoDBTable.Arn替换为Policy部分中的!Ref DynamoDBTable。
- DynamoDBWritePolicy:
TableName: !Ref DynamoDBTable
看起来像AWS SAM模板引擎缺少必要的验证并且对象模型不好,!GetAtt DynamoDBTable.Arn应该返回ARN类型的Object而不是String。