How to Add iamRoleStatements to S3 Trigger Bucket in Serverless Framework

When I add the following to my serverless.yml file:

provider:
  name: aws
  runtime: python3.6
  stage: dev
  region: [REGION]
  iamRoleStatements:
    - Effect: "Allow"
      Action:
       - "s3:GetObject"
      Resource: { "Fn::Join": ["", ["arn:aws:s3:::", { "Ref": [BUCKET NAME] }, "/*" ] ] }

on deployment I get "The CloudFormation template is invalid: Circular dependency between resources:".

I am using boto3 (python3) to fetch the private file from the S3 bucket after the upload-trigger event, so I want to grant the Lambda function permissions on that bucket.

I ran into the same problem and spent several hours on it. In the end I found the solution: do NOT Ref the bucket.

Change this:

provider:
  name: aws
  runtime: python3.6
  stage: dev
  region: [REGION]
  iamRoleStatements:
    - Effect: "Allow"
      Action:
       - "s3:GetObject"
      Resource: { "Fn::Join": ["", ["arn:aws:s3:::", { "Ref": [BUCKET NAME] }, "/*" ] ] }

to this:

provider:
  name: aws
  runtime: python3.6
  stage: dev
  region: [REGION]
  iamRoleStatements:
    - Effect: "Allow"
      Action:
       - "s3:GetObject"
      Resource: { "Fn::Join": ["", ["arn:aws:s3:::<s3-bucket-name>", "/*" ] ] }

Or, more simply:

provider:
  name: aws
  runtime: python3.6
  stage: dev
  region: [REGION]
  iamRoleStatements:
    - Effect: "Allow"
      Action:
       - "s3:GetObject"
      Resource: "arn:aws:s3:::<s3-bucket-name>/*"
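A complete serverless.yml that follows the answer's approach, added here as an illustration and not the answerer's own file: the bucket name is held once in a `custom` variable so both the IAM statement and the S3 event use the literal name, and the policy stays scoped to `s3:GetObject` on the upload prefix. Service name, bucket name, region and prefix are placeholders.

```yaml
# Added illustration, not the answerer's file. Names and region are placeholders.
service: private-file-reader

custom:
  # One literal name, reused below, so neither the role nor the function
  # needs a Ref/GetAtt on the bucket resource (that reference caused the cycle).
  bucketName: my-private-uploads-bucket-dev

provider:
  name: aws
  runtime: python3.6
  stage: dev
  region: us-east-1
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "s3:GetObject"
      # Object-level read only, limited to the prefix the trigger watches.
      Resource: "arn:aws:s3:::${self:custom.bucketName}/uploads/*"

functions:
  processUpload:
    handler: handler.process_upload
    events:
      - s3:
          # The framework creates this bucket and wires the notification;
          # using the same literal name keeps the dependency graph acyclic.
          bucket: ${self:custom.bucketName}
          event: s3:ObjectCreated:*
          rules:
            - prefix: uploads/
```

Resolving the name at deploy time this way means the role policy no longer depends on the bucket resource, while the function still reads only the objects it is triggered by.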