Allow lambda to access particular s3 bucket in serverless config
How can I allow a specific lambda to access a particular s3 bucket in the serverless.yml?

For example, I am porting file upload functionality to lambda by using serverless. To upload a file to a particular s3 bucket, I need to allow the lambda to access that s3 bucket. How can I do this in the serverless.yml?

Alainaalaine answered 2/7, 2018 at 3:31 Comment(0)
From Serverless Framework - AWS Lambda Guide - IAM:

To add specific rights to this service-wide Role, define statements in provider.iamRoleStatements which will be merged into the generated policy.

service: new-service
 
provider:
  name: aws
  iam:
    role:
      statements:
        - Effect: 'Allow'
          Action:
            - 's3:ListBucket'
          Resource:
            Fn::Join:
              - ''
              - - 'arn:aws:s3:::'
                - Ref: ServerlessDeploymentBucket
        - Effect: 'Allow'
          Action:
            - 's3:PutObject'
          Resource:
            Fn::Join:
              - ''
              - - 'arn:aws:s3:::'
                - Ref: ServerlessDeploymentBucket
                - '/*'
Madai answered 2/7, 2018 at 4:22 Comment(5)
Yep. Thanks. So the "Ref" means the ref of the bucket where the application is deployed, right? How can I get the ref of it? – Alainaalaine
It would either be a reference to a bucket created elsewhere in the template, or you could insert the ARN of an existing bucket (e.g. arn:aws:s3:::my-bucket). – Madai
Got it. Thanks! – Alainaalaine
I had to add " - '/*' " underneath the Ref line. You'll see it in the example from the serverless docs that are linked. – Unsheathe
Ended up setting 'arn:aws:s3:::${file(./s3config.json):bucketName}/*' – Utilitarianism
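Putting the answer and the comments together, here is an added serverless.yml example (not from the answer above or the Serverless docs) that declares the upload bucket in the same stack and references it by logical ID instead of hard-coding an ARN. It assumes a bucket logical ID of UploadBucket, a function named upload with handler handler.upload, and a Node.js runtime; the point it shows is the difference between the bucket ARN (for s3:ListBucket) and the bucket ARN plus '/*' (for object actions such as s3:PutObject).

```yaml
service: upload-service

provider:
  name: aws
  runtime: nodejs18.x
  iam:
    role:
      statements:
        # Bucket-level action: the resource is the bucket ARN itself.
        - Effect: Allow
          Action:
            - s3:ListBucket
          Resource:
            Fn::GetAtt: [UploadBucket, Arn]
        # Object-level actions: the resource must end in '/*' so it matches
        # keys inside the bucket. The bare bucket ARN matches no object.
        - Effect: Allow
          Action:
            - s3:PutObject
            - s3:GetObject
          Resource:
            Fn::Join:
              - ''
              - - Fn::GetAtt: [UploadBucket, Arn]
                - '/*'

functions:
  upload:
    handler: handler.upload   # assumed handler path
    environment:
      # Hand the generated bucket name to the function instead of
      # hard-coding it, so config and policy cannot drift apart.
      UPLOAD_BUCKET:
        Ref: UploadBucket

resources:
  Resources:
    # Declared in the same stack, so the policy can reference it by
    # logical ID (assumed name: UploadBucket).
    UploadBucket:
      Type: AWS::S3::Bucket
      Properties:
        PublicAccessBlockConfiguration:
          BlockPublicAcls: true
          BlockPublicPolicy: true
          IgnorePublicAcls: true
          RestrictPublicBuckets: true
```

As the quoted docs say, these statements are merged into the service-wide role, so every function in the service receives them; the scoping here is per bucket and per action, not per function.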
