AWS SAM Multiple Functions with same Inline Policy

Problem description

In the AWS SAM .yaml template I can declare an inline policy for each lambda function like so:

AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Resources:
  MyFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: index.handler
      Runtime: nodejs8.10
      CodeUri: 's3://my-bucket/function.zip'
      Policies:
      - Statement:
        - Sid: SSMDescribeParametersPolicy
          Effect: Allow
          Action:
          - ssm:DescribeParameters
          Resource: '*'
        - Sid: SSMGetParameterPolicy
          Effect: Allow
          Action:
          - ssm:GetParameters
          - ssm:GetParameter
          Resource: '*'

However, if I want multiple functions to share the same inline policy document, do we declare it in the 'Globals' section of the template?

So far the documentation leads me to believe that the cleanest way to do this would be creating a role with the attached policies and simply declaring the role to each function instead like so:

AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Resources: 
  MyFunction:
    Type: 'AWS::Serverless::Function' 
    Properties:
      Handler: index.handler
      Runtime: nodejs8.10
      CodeUri: 's3://my-bucket/function.zip' 
      Role: arn:aws:iam::111111111111:role/SAMPolicy

Is there a way to declare an inline policy within the template and simply reference it on each function instead?

Recommended answer

If I want multiple functions to share the same inline policy document, do we declare it in the 'Globals' section of the template? Yes. Here is an example:

AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'

Globals:
  Function:
    Policies:
      - Statement:
          - Sid: SSMDescribeParametersPolicy
            Effect: Allow
            Action:
              - ssm:DescribeParameters
            Resource: '*'
          - Sid: SSMGetParameterPolicy
            Effect: Allow
            Action:
              - ssm:GetParameters
              - ssm:GetParameter
            Resource: '*'

Resources:
  MyFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: index.handler
      Runtime: nodejs8.10
      CodeUri: 's3://my-bucket/function.zip'
  MyOtherFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: index.handler
      Runtime: nodejs8.10
      CodeUri: 's3://my-bucket/other-function.zip'
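
Another way to share one policy document, as an added example that is not part of the original question or answer: declare it once as an `AWS::IAM::ManagedPolicy` resource and reference it from each function's `Policies` list with `!Ref`. The resource name `SharedSsmReadPolicy` and the `/myapp/` parameter path are assumptions made for illustration; `ssm:DescribeParameters` keeps `Resource: '*'` because it does not support resource-level scoping, while the read actions are narrowed to that path.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'

Resources:
  # Hypothetical shared policy, declared once in the template.
  SharedSsmReadPolicy:
    Type: 'AWS::IAM::ManagedPolicy'
    Properties:
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # DescribeParameters has no resource-level permissions, so '*' is required.
          - Sid: SSMDescribeParametersPolicy
            Effect: Allow
            Action:
              - ssm:DescribeParameters
            Resource: '*'
          # Reads are limited to one parameter path (assumed: /myapp/) instead of '*'.
          - Sid: SSMGetParameterPolicy
            Effect: Allow
            Action:
              - ssm:GetParameters
              - ssm:GetParameter
            Resource: !Sub 'arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/myapp/*'

  MyFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: index.handler
      Runtime: nodejs8.10
      CodeUri: 's3://my-bucket/function.zip'
      Policies:
        # Ref on a managed policy returns its ARN; SAM attaches it to the
        # execution role it generates for this function.
        - !Ref SharedSsmReadPolicy

  MyOtherFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: index.handler
      Runtime: nodejs8.10
      CodeUri: 's3://my-bucket/other-function.zip'
      Policies:
        - !Ref SharedSsmReadPolicy
```

Each function still gets its own generated execution role and only the policy document is shared, so a function that later needs extra permissions can add entries to its own `Policies` list without widening the others.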
