Using List of IAM Policy Document Objects as AWS::Serverless::Function Policies
N

3

6

According to the documentation for AWS::Serverless::Function in the Serverless Application Model, it is possible to specify a list of IAM Policy Document Objects (PDO) for the Policies property of a Resource.

However, the AWS Toolkit for Visual Studio is flagging a syntax error when I try to define an IAM PDO.

Here is a full example of my Resources section:

"Resources": {
  "Example": {
    "Type": "AWS::Serverless::Function",
    "Properties": {
      "Handler": "Example::Example.Controllers.ExampleController::ExampleAction",
      "Runtime": "dotnetcore2.0",
      "CodeUri": "",
      "MemorySize": 256,
      "Timeout": 30,
      "Policies": [
        {
          "Version": "2012-10-17",
          "Statement": {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
          }
        }
      ],
      "Events": {
        "PutResource": {
          "Type": "Api",
          "Properties": {
            "Path": "/{id}",
            "Method": "GET"
          }
        }
      }
    }
  }
}

Is there something I'm getting wrong, or is there an issue with either SAM or the AWS Toolkit syntax validation?

Namesake answered 29/6, 2018 at 17:8 Comment(2)
Have you attempted to deploy this despite Visual Studio's objections? If it works, then it's a bug in whatever code inspector VS is using. Also, have you tried to make "Statements" value a list of objects instead of a single object? Long shot, but easy to try. - Claritaclarity
@Claritaclarity Hmmm... I tried this when I posted the issue and the deployment failed because of a syntax validation. Yesterday I updated the AWS Toolkit and now it works. So it seems you're right - there is a bug with the code inspector. Not sure where to report it though! - Namesake
F
1

I just updated the VS CloudFormation schema. The problem should go away the next time you restart Visual Studio.

Filly answered 19/7, 2018 at 20:55 Comment(0)
L
1

I think the issue in your syntax is that it should be a statement array, because there can be multiple policies, as below:

"Statement":[ 
              {
                "Effect": "Allow",
                "Action": "*",
                "Resource": "*"
              }
            ]

An example of having multiple policies is below:

"Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "dynamodb:Query"
              ],
              "Resource": "arn:aws:dynamodb:${region}:*:table/${project}-songs-${dev}/*/*"
            },
            {
              "Effect": "Allow",
              "Action": [
                "dynamodb:GetItem"
              ],
              "Resource": "arn:aws:dynamodb:${region}:*:table/${project}-users-${dev}"
            }
         ]
Lemma answered 13/7, 2018 at 6:35 Comment(0)
N
0

It seems the problem is caused by syntax parsing issues in Visual Studio and the AWS Toolkit. I raised an issue on GitHub and you can track it here: https://github.com/aws/aws-sdk-net/issues/1001

Namesake answered 19/7, 2018 at 12:0 Comment(1)
And for future reference, github.com/aws/aws-sdk-net/issues is the right place to report issues like this. I'll notice those questions sooner. - Filly
