如何在无服务器框架中分配函数级别 IamRoleStatements?

How do I assign function level IamRoleStatements in Serverless Framework?

我想为 serverless.yml

中列出的不同功能分配不同的权限
 functions:
  hello:
    handler: handler.hello
  crawl-distributor:
    handler: CrawlDistributor.handler
  product-scanner:
    handler: ProductScanner.handler
    iamRoleStatements:
      - Effect: Allow
        Action:
          - dynamodb:*
          - lambda:*
        Resource: "*"

这似乎不起作用。当我在提供程序级别添加 iamRoleStatements 时,它起作用了,但最终将权限应用于所有功能。

 provider:
  name: aws
  runtime: nodejs4.3
  stage: api
  region: us-east-1
  profile: dev
  iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:*
        - lambda:*
      Resource: "*"

docs 开始,您需要在 resources 下创建函数角色并在您的函数中引用这个新角色。

示例:

service: my-test

provider:
  name: aws
  runtime: nodejs4.3
  stage: api
  region: us-east-1
  profile: dev

functions:
  hello:
    handler: handler.hello
  crawl-distributor:
    handler: CrawlDistributor.handler
  product-scanner:
    role: myDynamoRole
    handler: ProductScanner.handler

resources:
  Resources:
    myDynamoRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: myDynamoRole
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: sts:AssumeRole
        Policies:
          - PolicyName: myPolicyName
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action:
                    - dynamodb:*
                    - lambda:*
                  Resource: "*"