
Using List of IAM Policy Document Objects as AWS::Serverless::Function Policies

According to the documentation for AWS::Serverless::Function in the Serverless Application Model, it is possible to specify a list of IAM Policy Document Objects (PDO) for the Policies property of a Resource.

However, the AWS Toolkit for Visual Studio is flagging a syntax error when I try to define an IAM PDO.

Here is a full example of my Resources section:

    "Resources": {
      "Example" : {
        "Type" : "AWS::Serverless::Function",
        "Properties": {
          "Handler": "Example::Example.Controllers.ExampleController::ExampleAction",
          "Runtime": "dotnetcore2.0",
          "CodeUri": "",
          "MemorySize": 256,
          "Timeout": 30,
          "Policies": [{
            "Version": "2012-10-17",
            "Statement": {
              "Effect": "Allow",
              "Action": "*",
              "Resource": "*"
            }
          }],
          "Events": {
            "PutResource": {
              "Type": "Api",
              "Properties": {
                "Path": "/{id}",
                "Method": "GET"
              }
            }
          }
        }
      }
    }

Is there something I'm getting wrong, or is there an issue with either SAM or the AWS Toolkit syntax validation?

Chris Paton asked Jun 29 '18 17:06



1 Answer

I just updated the VS CloudFormation schema. The problem should go away the next time you restart Visual Studio.

Norm Johanson answered Oct 31 '22 15:10
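The `Policies` list in the question accepts several entry shapes, and the inline policy document shown there allows every action on every resource. The following is an added example, not code from the question, the answer, or the SAM project: it separates inline policy documents from the other entry kinds and flags `Allow` statements that pair a wildcard action with `Resource` `"*"`. The template contents (table name, bucket ARN) and the function names are constructed for illustration.

```python
import json

# Constructed SAM fragment: the question's function plus other kinds of Policies entry.
TEMPLATE = json.loads("""
{"Resources": {"Example": {"Type": "AWS::Serverless::Function", "Properties": {
  "Policies": [
    "AWSLambdaBasicExecutionRole",
    {"DynamoDBReadPolicy": {"TableName": "ExampleTable"}},
    {"Version": "2012-10-17",
     "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}},
    {"Version": "2012-10-17",
     "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                    "Resource": "arn:aws:s3:::example-bucket/*"}]}
  ]}}}}
""")


def as_list(value):
    """IAM and SAM accept a single item wherever a list is allowed."""
    return value if isinstance(value, list) else [value]


def kind(entry):
    """Classify one Policies entry by shape."""
    if isinstance(entry, str):
        return "managed"          # managed policy name or ARN
    if isinstance(entry, dict) and "Statement" in entry:
        return "inline"           # IAM policy document object
    return "other"                # SAM policy template or intrinsic function


def broad_statements(template):
    """Find Allow statements pairing a wildcard action with Resource "*"."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Serverless::Function":
            continue
        policies = as_list(res.get("Properties", {}).get("Policies", []))
        for idx, entry in enumerate(policies):
            if kind(entry) != "inline":
                continue
            for stmt in as_list(entry["Statement"]):
                actions = [a for a in as_list(stmt.get("Action", []))
                           if isinstance(a, str) and (a == "*" or a.endswith(":*"))]
                if (stmt.get("Effect") == "Allow" and actions
                        and "*" in as_list(stmt.get("Resource", []))):
                    findings.append((name, idx, actions))
    return findings
```

The check reads `Statement`, `Action` and `Resource` as either a single value or a list, so it covers the single-object `Statement` form used in the question as well as the list form.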