Amazon Web Services: How to create a new IAM::Role in AWS Lambda while creating the yml
In an AWS CloudFormation template, how do I create a new Lambda role (test_lambda_role) that has access to s3:getObject and RDS access (RDS db:connect)?

The Lambda function is not created with the above template.

AssumePolicyDocument is used for the trust policy, as described in:

Thus, a template for only the Lambda execution role could be:
```yaml
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  testlambdarole:
    Type: String
    Default: role-name
Resources:
  Role:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Ref testlambdarole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: {'Service': ['lambda.amazonaws.com']}
            Action: ['sts:AssumeRole']
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSLambdaExecute
      Policies:
        - PolicyName: S3Access
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action:
                  - s3:getObject
                Resource: "*"
        - PolicyName: RdsAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action:
                  - rds-db:connect
                Resource: "*"
```
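You need to adjust the Policies to exactly meet your needs.

If I need Redshift access, do I just add one more item? Is the following correct: `- PolicyName: RdsAccess PolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: - redshift-db:connect Resource: "*"`

@Maws Yes, you can add new policies for other permissions. There are other possibilities, but I think this way is the most common.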
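A least-privilege variant of the role template, as an added example that is not part of the original answer: each `Resource: "*"` is scoped to one bucket and one database user. The parameters `BucketName`, `DbiResourceId` and `DbUserName` are assumptions introduced for illustration.

```yaml
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  testlambdarole:
    Type: String
    Default: role-name
  BucketName:        # assumed parameter: the bucket the function reads from
    Type: String
  DbiResourceId:     # assumed parameter: DB instance resource ID (db-...)
    Type: String
  DbUserName:        # assumed parameter: database user enabled for IAM auth
    Type: String
Resources:
  Role:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Ref testlambdarole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      ManagedPolicyArns:
        # Logging only. AWSLambdaExecute also allows s3:GetObject and
        # s3:PutObject on every bucket, which would undo the scoping below.
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies:
        - PolicyName: S3Access
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - s3:GetObject
                # Objects in one bucket instead of every bucket
                Resource: !Sub "arn:aws:s3:::${BucketName}/*"
        - PolicyName: RdsAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - rds-db:connect
                # One database user on one instance instead of all of them
                Resource: !Sub "arn:aws:rds-db:${AWS::Region}:${AWS::AccountId}:dbuser:${DbiResourceId}/${DbUserName}"
```

Because the role sets an explicit `RoleName`, the stack has to be deployed with the `CAPABILITY_NAMED_IAM` capability.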