
Not able to add policies in SAM template

I am working on a SAM template for publishing my application in the AWS Serverless repository. But when I try to add policies for my Lambda, it shows me an error: Invalid Serverless Application Specification document. Number of errors found: 1. Errors: Resource with id [SyncPostDataFromSfLambda] is invalid. Only policy templates are supported in 'Policies' property.

Below is the example for my SAM template:

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Transform": "AWS::Serverless-2016-10-31",
    "Description": "Deployment",
    "Resources": {
        "SyncPostDataToSfLambda": {
            "Type": "AWS::Serverless::Function",
            "Properties": {
                "Handler": "index.handler",
                "FunctionName": "myLambdaFunction",
                "CodeUri": "s3 URL",
                "Runtime": "nodejs6.10",
                "MemorySize": 512,
                "Policies": [
                    "AmazonDynamoDBFullAccess"
                ],
                "Events": {
                    "PostResource": {
                        "Type": "Api",
                        "Properties": {
                            "RestApiId": {
                                "Ref": "API"
                            },
                            "Path": "/apipath",
                            "Method": "post"
                        }
                    }
                }
            }
        }
    }
}
Mayank asked Feb 26 '18 10:02


2 Answers

As of today (2018-10-09), SAM templates already support inline policy documents.

Here is an example:

Resources:
  SomeFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs8.10
      Policies:
      - Statement:
        - Sid: SSMDescribeParametersPolicy
          Effect: Allow
          Action:
          - ssm:DescribeParameters
          Resource: '*'
        - Sid: SSMGetParameterPolicy
          Effect: Allow
          Action:
          - ssm:GetParameters
          - ssm:GetParameter
          Resource: '*'

References:

  1. AWS::Serverless::Function's Policies property on AWS SAM Specification
  2. Related issue on GitHub
onelaview answered Sep 17 '22 15:09


Here's the full list of policy templates from the official repo example.


Transform: AWS::Serverless-2016-10-31
Resources:
  MyFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      CodeUri: src/
      Handler: index.handler
      Runtime: nodejs4.3
      Policies:

        - SQSPollerPolicy:
            QueueName: name

        - LambdaInvokePolicy:
            FunctionName: name

        - CloudWatchPutMetricPolicy: {}

        - EC2DescribePolicy: {}

        - DynamoDBCrudPolicy:
            TableName: name

        - DynamoDBReadPolicy:
            TableName: name

        - SESSendBouncePolicy:
            IdentityName: name

        - ElasticsearchHttpPostPolicy:
            DomainName: name

        - S3ReadPolicy:
            BucketName: name

        - S3CrudPolicy:
            BucketName: name

        - AMIDescribePolicy: {}

        - CloudFormationDescribeStacksPolicy: {}

        - RekognitionDetectOnlyPolicy: {}

        - RekognitionNoDataAccessPolicy:
            CollectionId: id

        - RekognitionReadPolicy:
            CollectionId: id

        - RekognitionWriteOnlyAccessPolicy:
            CollectionId: id

        - RekognitionLabelsPolicy: {}

        - SQSSendMessagePolicy:
            QueueName: name

        - SNSPublishMessagePolicy:
            TopicName: name

        - VPCAccessPolicy: {}

        - DynamoDBStreamReadPolicy:
            TableName: name
            StreamName: name

        - KinesisStreamReadPolicy:
            StreamName: name

        - SESCrudPolicy:
            IdentityName: name

        - SNSCrudPolicy:
            TopicName: name

        - KinesisCrudPolicy:
            StreamName: name

        - KMSDecryptPolicy:
            KeyId: keyId

        - SESBulkTemplatedCrudPolicy:
            IdentityName: name

        - SESEmailTemplateCrudPolicy: {}

        - FilterLogEventsPolicy:
            LogGroupName: name

        - StepFunctionsExecutionPolicy:
            StateMachineName: name

mjabadilla answered Sep 16 '22 15:09
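
A pre-publish check for the rule in the question's error message, as an added example that is not from either answer or from the SAM project: it classifies each `Policies` entry as a managed policy name, an inline statement or a policy template, reports the entries that are not templates, and notes inline statements that use `Resource: '*'`. The sample template is constructed from the snippets above, the function names are hypothetical, and recognising a template by a single key ending in `Policy` is a heuristic based on the list in the second answer.

```python
import json

# Constructed sample: the question's function reduced to its Policies list,
# with one entry of each form that appears in the question and the answers.
SAMPLE = """{"Resources": {"SyncPostDataToSfLambda": {
  "Type": "AWS::Serverless::Function",
  "Properties": {"Policies": [
    "AmazonDynamoDBFullAccess",
    {"DynamoDBCrudPolicy": {"TableName": "name"}},
    {"Statement": [{"Effect": "Allow", "Action": ["ssm:GetParameter"], "Resource": "*"}]}
  ]}}}}"""


def classify_policy(entry):
    """Return 'managed', 'inline', 'template' or 'unknown' for one Policies entry."""
    if isinstance(entry, str):
        return "managed"      # managed policy name or ARN
    if isinstance(entry, dict) and "Statement" in entry:
        return "inline"       # IAM policy document
    if isinstance(entry, dict) and len(entry) == 1 and next(iter(entry)).endswith("Policy"):
        return "template"     # heuristic: one key named like the templates listed above
    return "unknown"          # e.g. an intrinsic function such as Ref


def audit_policies(template_text):
    """List (function id, index, kind, note) for every entry that is not a policy template."""
    findings = []
    for rid, res in json.loads(template_text).get("Resources", {}).items():
        if res.get("Type") != "AWS::Serverless::Function":
            continue
        policies = res.get("Properties", {}).get("Policies", [])
        if not isinstance(policies, list):
            policies = [policies]   # SAM also accepts a single string or map
        for i, entry in enumerate(policies):
            kind = classify_policy(entry)
            if kind == "template":
                continue
            note = "not a policy template"
            if kind == "inline":
                stmts = entry["Statement"]
                stmts = stmts if isinstance(stmts, list) else [stmts]
                if any(s.get("Resource") in ("*", ["*"]) for s in stmts):
                    note += "; wildcard Resource"
            findings.append((rid, i, kind, note))
    return findings


if __name__ == "__main__":
    for finding in audit_policies(SAMPLE):
        print(finding)
```

For the question's template, the flagged `AmazonDynamoDBFullAccess` entry maps onto `DynamoDBCrudPolicy` or `DynamoDBReadPolicy` from the list above, each scoped with `TableName`.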