Amazon Web Services: How to create a yml with a new IAM::Role while creating an AWS Lambda


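In an AWS CloudFormation template, how do I create a new Lambda role (test_lambda_role)

that has access to s3:getObject and RDS access (RDS db:connect)?

The Lambda function is not created using the above template.

AssumeRolePolicyDocument is used for the trust policy, as described in:

So a template containing only the Lambda execution role could be: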

AWSTemplateFormatVersion: 2010-09-09

Parameters: 

  testlambdarole:
    Type: String
    Default: role-name
      
Resources: 

  Role:  
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Ref testlambdarole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'               
        Statement:
          - Effect: Allow
            Principal: {'Service': ['lambda.amazonaws.com']}
            Action: ['sts:AssumeRole']      
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSLambdaExecute
      Policies:
        - PolicyName: S3Access
          PolicyDocument: 
            Version: "2012-10-17"
            Statement: 
              - Effect: "Allow"
                Action: 
                  - s3:getObject
                Resource: "*"
        - PolicyName: RdsAccess
          PolicyDocument: 
            Version: "2012-10-17"
            Statement: 
              - Effect: "Allow"
                Action: 
                  - rds-db:connect
                Resource: "*"

You need to adjust the Policies to fully meet your needs.

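If I need Redshift access, do I just add one more item? Is the following correct: `- PolicyName: RdsAccess PolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: - redshift-db:connect Resource: "*"`

@Maws Yes, you can add new policies for other permissions. There are other possibilities, but I think this way is the most common.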
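
The template in the answer grants both actions on Resource: "*". A least-privilege variant of the same role follows, as an added example that is not part of the original answer; the parameters BucketName, DbResourceId and DbUserName are assumptions introduced here.

```yaml
# Added example: same role as in the answer, with each permission scoped to one resource.
# BucketName, DbResourceId and DbUserName are assumed parameters, not from the original answer.
AWSTemplateFormatVersion: "2010-09-09"

Parameters:
  testlambdarole:
    Type: String
    Default: role-name
  BucketName:        # assumed: the single bucket the function reads from
    Type: String
  DbResourceId:      # assumed: the instance's DbiResourceId (db-...), not its instance name
    Type: String
  DbUserName:        # assumed: a database user enabled for IAM authentication
    Type: String

Resources:
  Role:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Ref testlambdarole
      AssumeRolePolicyDocument:      # trust policy: only the Lambda service may assume the role
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        # CloudWatch Logs only. AWSLambdaExecute also allows s3:GetObject and
        # s3:PutObject on every bucket, which would defeat the scoped policy below.
        - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies:
        - PolicyName: S3Access
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: s3:GetObject
                Resource: !Sub arn:${AWS::Partition}:s3:::${BucketName}/*
        - PolicyName: RdsAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: rds-db:connect
                # rds-db ARNs name the DB resource id and the database user
                Resource: !Sub arn:${AWS::Partition}:rds-db:${AWS::Region}:${AWS::AccountId}:dbuser:${DbResourceId}/${DbUserName}
```

Because the role has an explicit RoleName, the stack must be deployed with the CAPABILITY_NAMED_IAM capability.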