如何在 SAM 模板中创建 IAM 角色,就像我在 SAM 包中所做的那样。我尝试了如下:
"lambdaFunctionRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"lambda.amazonaws.com",
"apigateway.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
},
"ManagedPolicyArns": [
{
"Ref": "lambdaBasePolicy"
}
],
"Policies": [
{
"PolicyName": "root",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
},
{
"Effect": "Allow",
"Action": [
"s3:*",
"dynamodb:*",
"iam:ListRoles",
"ses:*",
"events:*"
],
"Resource": "*"
}
] …我正在研究SAM模板,用于在AWS Serverless存储库中发布我的应用程序。但是,当我尝试为lambda添加策略时,会显示错误消息:Invalid Serverless Application Specification文档。发现的错误数量:1.错误:ID为[SyncPostDataFromSfLambda]的资源无效。“策略”属性中仅支持策略模板。
以下是我的SAM模板的示例:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Transform": "AWS::Serverless-2016-10-31",
"Description": "Deployment",
"Resources": {
"SyncPostDataToSfLambda": {
"Type": "AWS::Serverless::Function",
"Properties": {
"Handler": "index.handler",
"FunctionName": "myLambdaFunction",
"CodeUri": "s3 URL",
"Runtime": "nodejs6.10",
"MemorySize": 512,
"Policies": [
"AmazonDynamoDBFullAccess"
],
"Events": {
"PostResource": {
"Type": "Api",
"Properties": {
"RestApiId": {
"Ref": "API"
},
"Path": "/apipath",
"Method": "post"
}
}
}
}
}
}
}
我为 x-amazon-apigateway-integration 添加了以下代码,如果我遗漏了某些内容,请告诉我。谢谢
x-amazon-apigateway-integration:
httpMethod: post
type: aws
uri:
Fn::Sub:
- arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${FunctionArn}/invocations
- { FunctionArn: !GetAtt PriceAPIFunction.Arn}
responses:
default:
statusCode: '200'