How to Add iamRoleStatements to S3 Trigger Bucket in Serverless Framework
When I add the following code to my serverless.yml file:
provider:
  name: aws
  runtime: python3.6
  stage: dev
  region: [REGION]
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "s3:GetObject"
      Resource: { "Fn::Join": ["", ["arn:aws:s3:::", { "Ref": [BUCKET NAME] }, "/*" ] ] }
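On deployment, I get "The CloudFormation template is invalid: Circular dependency between resources:"
I am using boto3 and python3 to get the private file that was uploaded to the S3 bucket after the trigger event, so I want to give the Lambda function permission to that bucket.

I had the same problem and spent several hours solving it. In the end I found a solution: do NOT ref the bucket.
Change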
provider:
  name: aws
  runtime: python3.6
  stage: dev
  region: [REGION]
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "s3:GetObject"
      Resource: { "Fn::Join": ["", ["arn:aws:s3:::", { "Ref": [BUCKET NAME] }, "/*" ] ] }
to
provider:
  name: aws
  runtime: python3.6
  stage: dev
  region: [REGION]
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "s3:GetObject"
      Resource: { "Fn::Join": ["", ["arn:aws:s3:::<s3-bucket-name>", "/*" ] ] }
Or, more simply:
provider:
  name: aws
  runtime: python3.6
  stage: dev
  region: [REGION]
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "s3:GetObject"
      Resource: "arn:aws:s3:::<s3-bucket-name>/*"
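
Why the Ref triggers the error and the literal ARN does not, as an added example (not code from the posts above): the bucket's notification points at the function, the function points at its role, and the role's policy points back at the bucket. The stack below is a constructed, simplified model; the logical IDs UploadsBucket, HandlerFunction and ExecutionRole and the bucket name example-bucket are assumptions, and only Ref and Fn::GetAtt are followed.

```python
def refs(node):
    """Yield logical IDs referenced via Ref or Fn::GetAtt anywhere in node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            elif key == "Fn::GetAtt":  # ["Id", "Attr"] or "Id.Attr"
                yield value[0] if isinstance(value, list) else value.split(".")[0]
            else:
                yield from refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from refs(item)


def find_cycle(resources):
    """Return one cycle among the template's own resources as a list of IDs, or None."""
    graph = {n: sorted(resources.keys() & set(refs(b))) for n, b in resources.items()}
    state = {}  # logical ID -> "visiting" or "done"

    def visit(name, path):
        state[name] = "visiting"
        for dep in graph[name]:
            if state.get(dep) == "visiting":  # back edge closes a cycle
                return path[path.index(dep):] + [dep]
            cycle = None if dep in state else visit(dep, path + [dep])
            if cycle:
                return cycle
        state[name] = "done"
        return None

    for name in graph:
        cycle = None if name in state else visit(name, [name])
        if cycle:
            return cycle
    return None


def stack(bucket_part):
    """Constructed, simplified stack; logical IDs are made up for this example."""
    arn = {"Fn::Join": ["", ["arn:aws:s3:::", bucket_part, "/*"]]}
    statement = {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": arn}
    return {
        "UploadsBucket": {"Type": "AWS::S3::Bucket", "Properties": {"NotificationConfiguration": {
            "LambdaConfigurations": [{"Function": {"Fn::GetAtt": ["HandlerFunction", "Arn"]}}]}}},
        "HandlerFunction": {"Type": "AWS::Lambda::Function",
                            "Properties": {"Role": {"Fn::GetAtt": ["ExecutionRole", "Arn"]}}},
        "ExecutionRole": {"Type": "AWS::IAM::Role", "Properties": {
            "Policies": [{"PolicyDocument": {"Statement": [statement]}}]}},
    }
```

Calling find_cycle(stack({"Ref": "UploadsBucket"})) returns the loop through all three resources, while find_cycle(stack("example-bucket")) returns None because the policy no longer depends on the bucket resource.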