
How to wildcard aws lambda function permission in resource

Hi, I have a lot of Lambda functions that need the lambda:UpdateFunctionCode permission. It's too troublesome to input all the functions' ARNs in the resource field. All my functions have a prefix; when I try to use prefix* in the resource field, it does not allow me.

This is what I tried, but it didn't work.

"arn:aws:lambda:ap-southeast-1:xxxxxxxx:function:prefix*"

Is there a way I can use a wildcard for this?

Edit: added a fake account number.

Karias Bolster asked Mar 14 '19 09:03




1 Answer

Although this is a good feature to have, I have verified with AWS support:

(1) Function name format cannot include "*" (https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html#SSS-AddPermission-request-FunctionName)

(2) They have submitted a feature request internally. Support also suggests you could raise the concerns on the GitHub [3][4] page so that the Quickstart team can directly address them.

[3] https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#resource-types

[4] https://github.com/awslabs/serverless-application-model/issues

GreenLake4964 answered Sep 24 '22 16:09
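Added example, not part of the original question or answer: the restriction cited above applies to the FunctionName parameter of AddPermission, whereas the Resource element of an identity-based IAM policy is a separate field in which IAM treats * and ? as wildcards. The sketch below builds such a statement for lambda:UpdateFunctionCode and checks locally which function ARNs a pattern would cover. The account ID 123456789012, the function names, and the helper names are assumptions made for illustration, and the matcher only approximates IAM's wildcard rules.

```python
import json
import re

# Assumed placeholders: the page masks the account ID and gives only "prefix".
REGION = "ap-southeast-1"
ACCOUNT_ID = "123456789012"  # placeholder, not a real account
PREFIX = "prefix-"           # trailing delimiter keeps the match narrow


def build_policy(prefix: str) -> dict:
    """Identity-based policy allowing code updates only on prefixed functions."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "UpdateCodeForPrefixedFunctions",
            "Effect": "Allow",
            "Action": "lambda:UpdateFunctionCode",
            "Resource": f"arn:aws:lambda:{REGION}:{ACCOUNT_ID}:function:{prefix}*",
        }],
    }


def arn_matches(pattern: str, arn: str) -> bool:
    """Local approximation of IAM matching: * is any run of characters, ? is one."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, arn, flags=re.DOTALL) is not None


def covered(pattern: str, arns: list) -> list:
    """Return the ARNs from `arns` that the Resource pattern would cover."""
    return [a for a in arns if arn_matches(pattern, a)]


# Constructed sample ARNs used to audit the pattern before attaching the policy.
BASE = f"arn:aws:lambda:{REGION}:{ACCOUNT_ID}:function:"
SAMPLE_ARNS = [
    BASE + name
    for name in ("prefix-api", "prefix-api:PROD", "prefixed-billing", "other-fn")
]

if __name__ == "__main__":
    policy = build_policy(PREFIX)
    print(json.dumps(policy, indent=2))
    for arn in covered(policy["Statement"][0]["Resource"], SAMPLE_ARNS):
        print("covered:", arn)
```

A bare `prefix*` also covers `prefixed-billing`, so ending the prefix on a delimiter (`prefix-*`) keeps the grant closer to least privilege; both forms also cover qualified ARNs such as `prefix-api:PROD`.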