Amazon web services 将语句添加到“无服务器”中;“关键政策”;论KMS资源
我有一个无服务器应用程序,它创建KMS资源:Amazon web services 将语句添加到“无服务器”中;“关键政策”;论KMS资源,amazon-web-services,serverless-framework,aws-serverless,Amazon Web Services,Serverless Framework,Aws Serverless,我有一个无服务器应用程序,它创建KMS资源: # serverless.yml 1 resources: Resources: SomeLambdaRole: Type: AWS::IAM::Role AnotherLambdaRole: Type: AWS::IAM::Role TheKey: Type: AWS::KMS::Key DeletionPolicy: Retain Properties:
# serverless.yml 1
resources:
Resources:
SomeLambdaRole:
Type: AWS::IAM::Role
AnotherLambdaRole:
Type: AWS::IAM::Role
TheKey:
Type: AWS::KMS::Key
DeletionPolicy: Retain
Properties:
Description: The key
Enabled: true
KeyPolicy:
Version: '2012-10-17'
Statement:
- Sid: Allow use of the key
Effect: Allow
Principal:
AWS:
- Fn::GetAtt: [SomeLambdaRole, Arn]
- Fn::GetAtt: [AnotherLambdaRole, Arn]
Action:
- 'kms:Encrypt'
- 'kms:Decrypt'
- 'kms:ReEncrypt'
- 'kms:GenerateDataKey*'
Resource: '*'
从另一个创建了一些角色的无服务器应用程序中,我希望为这些新角色授予与SomeLambdaRole
和另一个lambdarole
对“TheKey”资源相同的权限
这是可能的还是我应该尝试另一种方法
# serverless.yml 2
resources:
Resources:
YetAnotherLambdaRole:
Type: AWS::IAM::Role
# Do something to let this role have the same permission as "SomeLambdaRole" and "AnotherLambdaRole" for the "TheKey" Resource