Sep*_*ani 5 amazon-dynamodb amazon-iam aws-appsync
我正在尝试创建一个简单的IAM角色,让我的AppSync服务连接到我的DynamoDb数据库,但由于AppSync处于预览状态,因此IAM无法将AppSync识别为服务.如何创建IAM角色以使AppSync具有对DynamoDb的完全访问权限?
信任关系方面看起来像这样
可信关系示例文档
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "appsync.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
政策文件与以往基本相同
示例策略文档
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:Scan"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
如果您使用的是CloudFormation模板,则可能如下所示
示例CloudFormation模板
AppSyncRole:
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Principal:
Service:
- "appsync.amazonaws.com"
Action:
- "sts:AssumeRole"
Policies:
-
PolicyName: "appsync-policy"
PolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Action:
- "dynamodb:PutItem"
- "dynamodb:UpdateItem"
- "dynamodb:DeleteItem"
- "dynamodb:GetItem"
- "dynamodb:Query"
- "dynamodb:Scan"
Resource: "*"
| 归档时间: |
|
| 查看次数: |
883 次 |
| 最近记录: |