允许 lambda 访问无服务器配置中的特定 s3 存储桶
Allow lambda to access particular s3 bucket in serverless config
如何允许特定的 lambda 访问 serverless.yml 中的特定 s3 存储桶?
例如,我正在使用无服务器将文件上传功能移植到 lambda。要将文件上传到特定的 s3 存储桶,我需要允许 lambda 访问该 s3 存储桶。我如何在 serverless.yml 中执行此操作?
来自Serverless Framework - AWS Lambda Guide - IAM:
To add specific rights to this service-wide Role, define statements in provider.iamRoleStatements which will be merged into the generated policy.
service: new-service
provider:
name: aws
iam:
role:
statements:
- Effect: 'Allow'
Action:
- 's3:ListBucket'
Resource:
Fn::Join:
- ''
- - 'arn:aws:s3:::'
- Ref: ServerlessDeploymentBucket
- Effect: 'Allow'
Action:
- 's3:PutObject'
Resource:
Fn::Join:
- ''
- - 'arn:aws:s3:::'
- Ref: ServerlessDeploymentBucket
- '/*'
如何允许特定的 lambda 访问 serverless.yml 中的特定 s3 存储桶?
例如,我正在使用无服务器将文件上传功能移植到 lambda。要将文件上传到特定的 s3 存储桶,我需要允许 lambda 访问该 s3 存储桶。我如何在 serverless.yml 中执行此操作?
来自Serverless Framework - AWS Lambda Guide - IAM:
To add specific rights to this service-wide Role, define statements in
provider.iamRoleStatementswhich will be merged into the generated policy.
service: new-service
provider:
name: aws
iam:
role:
statements:
- Effect: 'Allow'
Action:
- 's3:ListBucket'
Resource:
Fn::Join:
- ''
- - 'arn:aws:s3:::'
- Ref: ServerlessDeploymentBucket
- Effect: 'Allow'
Action:
- 's3:PutObject'
Resource:
Fn::Join:
- ''
- - 'arn:aws:s3:::'
- Ref: ServerlessDeploymentBucket
- '/*'