Amazon web services 云信息管理策略
我不知道如何在我的Cloudformation模板中包含策略以允许 下面的Cloudformation模板创建了一个允许执行my Lambda函数的角色。我现在需要添加一个允许API执行Lambda函数的策略。根据AWS文档,我知道我必须添加以下策略,但我不清楚如何将其附加到我拥有的模板中Amazon web services 云信息管理策略,amazon-web-services,api,amazon-cloudformation,Amazon Web Services,Api,Amazon Cloudformation,我不知道如何在我的Cloudformation模板中包含策略以允许 下面的Cloudformation模板创建了一个允许执行my Lambda函数的角色。我现在需要添加一个允许API执行Lambda函数的策略。根据AWS文档,我知道我必须添加以下策略,但我不清楚如何将其附加到我拥有的模板中 { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"execute-api:Invoke"
],
"Resource": [
"arn:aws:execute-api:us-east-1:*:a123456789/test/POST/mydemoresource/*"
]
}
]
}
这是我当前的模板
LambdaServiceRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action: sts:AssumeRole
ManagedPolicyArns:
- "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
Path: "/"
我相信您会希望
AssumePolicyDocument
的操作成为一个列表
LambdaServiceRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action:
- sts:AssumeRole
ManagedPolicyArns:
- "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
Path: "/"
您是否收到任何特殊错误?