Add inline policy to aws SAM template
I'm using SAM Template to create my serverless application.

Using the tag Policies under the properties of the resource I can add standard policies like this:

Resources:
  QueryFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: query/
      Handler: app.lambda_handler
      Policies:
        - AmazonDynamoDBFullAccess
        - AWSLambdaVPCAccessExecutionRole
      Runtime: python3.7

The problem is that I need to attach an inline policy to access only a specific DynamoDB table.

How can I put this inline policy in the template?

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "dynamodb:*",
            "Resource": "dynamo_db_table_endpoint"
        }
    ]
}

Thanks

Faunus answered 9/12, 2019 at 13:15

Try this:

QueryFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: query/
      Handler: app.lambda_handler
      Policies:
        - AmazonDynamoDBFullAccess
        - AWSLambdaVPCAccessExecutionRole
        - Version: '2012-10-17' # Policy Document
          Statement:
            - Effect: Allow
              Action:
                - dynamodb:*
              Resource: 'arn:aws:dynamodb:*:*:table/dynamo_db_table_endpoint'
      Runtime: python3.7

Amazon DynamoDB: Allows Access to a Specific Table

If you would like to pass your tableName as a parameter, change Resource: 'arn:aws:dynamodb:*:*:table/dynamo_db_table_endpoint' to Resource: !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}'

Hope this helps

Pitsaw answered 9/12, 2019 at 13:42
@Faunus any luck with that? - Pitsaw
Can we add multiple resources in this? ex: Resource: [<arn1>,<arn2>] - Eld
I'm aware I'm adding to this a year late, but can you only attach the PolicyDocument section or is there a way to build a Policy that adds existing Roles too? e.g. The final example on this page: docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/… - Satirical
This isn't working for me in 2023... something changed? - Markhor
@AriWaisberg did you find a solution to this? I can confirm it's not working for me either as of May 2023. - Lyrate
@AriWaisberg can you explain that approach of commands please? I desire to follow that approach, but for now did not understand your comment. - Tewfik
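As an added example (not code from the question or the answer), a stdlib-only Python check over the answer's template written in SAM's JSON form, assuming a parameter named tableName; it walks each function's Policies list and flags entries that are not scoped to one table, including the AmazonDynamoDBFullAccess managed policy that the answer keeps next to the inline document:

```python
import json

# Constructed SAM template in JSON form (equivalent of the answer's YAML).
# The parameter name "tableName" is an assumption, not the asker's real one.
TEMPLATE = json.loads("""{
  "Resources": {"QueryFunction": {
    "Type": "AWS::Serverless::Function",
    "Properties": {"Policies": [
      "AmazonDynamoDBFullAccess",
      "AWSLambdaVPCAccessExecutionRole",
      {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": ["dynamodb:*"],
        "Resource": {"Fn::Sub": "arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}"}}]}
    ]}}}}""")

# Managed policies that grant dynamodb:* on every table, defeating a scoped inline policy.
BROAD_MANAGED = {"AmazonDynamoDBFullAccess"}


def _as_list(value):
    # IAM/SAM accept a single item or a list for Policies, Statement and Resource.
    return value if isinstance(value, list) else [value]


def _arn_text(resource):
    # Unwrap the !Sub / Fn::Sub form so the template string itself can be inspected.
    if isinstance(resource, dict) and "Fn::Sub" in resource:
        return resource["Fn::Sub"]
    return str(resource)


def audit(template):
    """Return (logical_id, message) findings for Policies not scoped to one table."""
    findings = []
    for lid, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Serverless::Function":
            continue
        for pol in _as_list(res.get("Properties", {}).get("Policies", [])):
            if isinstance(pol, str):  # managed policy referenced by name
                if pol in BROAD_MANAGED:
                    findings.append((lid, f"managed policy {pol} grants access to all tables"))
                continue
            for st in _as_list(pol.get("Statement", [])):  # inline policy document
                if st.get("Effect") != "Allow":
                    continue
                for arn in (_arn_text(r) for r in _as_list(st.get("Resource", []))):
                    if arn == "*" or arn.endswith("table/*"):
                        findings.append((lid, f"inline statement allows {st.get('Action')} on {arn}"))
    return findings
```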
