AWS SAM YAML - attaching the same policy multiple times, or multiple tables to the same DynamoDB policy

I'm having trouble getting a role to access two tables. Sample YAML from template.yaml:

Resources:
  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: path/to/something
      Handler: index.handler
      Runtime: nodejs10.x
      Events:
        Get:
          Type: Api
          Properties:
            RestApiId: !Ref MyApi
            Path: /path/to/other/thing
            Method: post
      Policies:
        DynamoDBCrudPolicy:
          TableName:
            table1
            table2

I need this function to be able to read/write on table1 and table2, but this doesn't work. I tried:

- table1
- table2

but that doesn't work either. I also tried:

Policies:
  - DynamoDBCrudPolicy:
    TableName:
      table1
  - DynamoDBCrudPolicy:
    TableName:
      table2

but that's wrong too. How do I do this correctly?

panlikq answers: AWS SAM YAML - attaching the same policy multiple times, or multiple tables to the same DynamoDB policy

What error are you getting? It looks like you missed the indentation for TableName; try the following:

Policies:
  - DynamoDBCrudPolicy:
      TableName: table1
  - DynamoDBCrudPolicy:
      TableName: table2

PS: I would have put this in a comment, but the code wouldn't format correctly there
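As an added example (not from the original post, and not code from the AWS SAM project itself), here is a complete template.yaml that applies the fix above end to end: both tables are declared in the same template and each gets its own DynamoDBCrudPolicy list entry, with TableName resolved through !Ref so the IAM statements SAM generates are scoped to exactly those two table ARNs (and their indexes) rather than to a wildcard. The resource names Table1, Table2 and MyFunction, the /items path and the environment variable names are assumptions for the example.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  Table1:                              # assumed name; any DynamoDB table type works
    Type: AWS::Serverless::SimpleTable
    Properties:
      PrimaryKey:
        Name: id
        Type: String

  Table2:                              # assumed name
    Type: AWS::Serverless::SimpleTable
    Properties:
      PrimaryKey:
        Name: id
        Type: String

  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: path/to/something
      Handler: index.handler
      Runtime: nodejs10.x
      Environment:
        Variables:                     # pass the generated table names to the code
          TABLE1_NAME: !Ref Table1
          TABLE2_NAME: !Ref Table2
      Events:
        Post:
          Type: Api                    # implicit API, no RestApiId needed
          Properties:
            Path: /items
            Method: post
      Policies:
        # One list entry per table: the policy template accepts a single TableName,
        # so SAM expands this into two statements, each limited to one table's ARN
        # and its indexes. Putting two names under one TableName does not work.
        - DynamoDBCrudPolicy:
            TableName: !Ref Table1
        - DynamoDBCrudPolicy:
            TableName: !Ref Table2
```

Because SAM derives the Resource ARNs from the table logical IDs, the execution role can reach only Table1 and Table2; there is no account ID or region to hard-code, and a removed or renamed table fails at deploy time as an unresolved !Ref instead of silently leaving a dangling ARN in a hand-written policy. `sam validate` checks the template before `sam build && sam deploy` creates the role.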


What I do is create a role for the lambda function like this:

Resources:
  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: path/to/something
      Handler: index.handler
      Runtime: nodejs10.x
      Events:
        Get:
          Type: Api
          Properties:
            RestApiId: !Ref MyApi
            Path: /path/to/other/thing
            Method: post
      Role: !GetAtt MyDynamoDBRole.Arn

and then attach the policy to that role, like this:

  MyDynamoDBRole:
    Type: AWS::IAM::Role
    Properties:
      Path: "/"
      Policies:
        -
          PolicyName: "myDynamoDBPolicy"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "dynamodb:BatchGetItem"
                  - "dynamodb:BatchWriteItem"
                  - "dynamodb:PutItem"
                  - "dynamodb:GetItem"
                  - "dynamodb:Scan"
                  - "dynamodb:Query"
                  - "dynamodb:UpdateItem"
                  - "dynamodb:UpdateTable"
                  - "dynamodb:GetRecords"
                # One ARN per table the function needs; a list scopes the same
                # statement to both tables without a wildcard
                Resource:
                  - "arn:aws:dynamodb:us-east-1:123456789012:table/table1"
                  - "arn:aws:dynamodb:us-east-1:123456789012:table/table2"
      # The trust policy must allow the Lambda service to assume this role,
      # otherwise the function cannot use it
      AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
          -
            Effect: Allow
            Principal:
              Service:
              - lambda.amazonaws.com
            Action: sts:AssumeRole

Note: you may need to adjust the specific permissions to fit your use case; the code above is only an example to illustrate the structure I'm suggesting.

Original article link: https://www.f2er.com/3153471.html
