如何在无服务器框架中分配功能级别IamRoleStatements? [英] How do I assign function level IamRoleStatements in Serverless Framework?
本文介绍了如何在无服务器框架中分配功能级别IamRoleStatements?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我想为我的serverless.yml中列出的不同功能分配不同的权限
I want to assign different permissions for different functions listed in my serverless.yml
functions:
hello:
handler: handler.hello
crawl-distributor:
handler: CrawlDistributor.handler
product-scanner:
handler: ProductScanner.handler
iamRoleStatements:
- Effect: Allow
Action:
- dynamodb:*
- lambda:*
Resource: "*"
这似乎不起作用.当我在提供程序级别添加iamRoleStatements时,它可以工作,但是最终将权限应用于所有功能.
This doesn't seem to work. When I add the iamRoleStatements at the provider level, it works, but ends up applying the permissions to all the functions.
provider:
name: aws
runtime: nodejs4.3
stage: api
region: us-east-1
profile: dev
iamRoleStatements:
- Effect: Allow
Action:
- dynamodb:*
- lambda:*
Resource: "*"
推荐答案
来自文档,您需要在resources
下创建函数角色,并在函数内部引用此新角色.
From docs, you need to create the function role under resources
and reference this new role inside your function.
示例:
service: my-test
provider:
name: aws
runtime: nodejs4.3
stage: api
region: us-east-1
profile: dev
functions:
hello:
handler: handler.hello
crawl-distributor:
handler: CrawlDistributor.handler
product-scanner:
role: myDynamoRole
handler: ProductScanner.handler
resources:
Resources:
myDynamoRole:
Type: AWS::IAM::Role
Properties:
RoleName: myDynamoRole
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: myPolicyName
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- dynamodb:*
- lambda:*
Resource: "*"
这篇关于如何在无服务器框架中分配功能级别IamRoleStatements?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文