IAM Role
Workshop apps hosted inside our environment are protected by a managed policy. If you are going through this workshop in your own environment, please use the following service role for the Lambda functions.
```yaml
provider:
  # Lambda function's IAM Role
  iamRoleStatements:
    - Effect: Allow
      Action:
        # Allow lambda to create network interface in vpc
        - ec2:CreateNetworkInterface
        - ec2:DeleteNetworkInterface
        - ec2:DescribeNetworkInterfaces
        # Allow lambda to write logs
        - logs:CreateLogGroup
        - logs:CreateLogStream
        - logs:PutLogEvents
      Resource:
        - "*"
    - Effect: Allow
      Sid: AllowDynamoDBAccess
      Action:
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
        - dynamodb:DescribeTable
      Resource: "arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${self:provider.environment.DYNAMODB_TABLE}"
```
Remove the section provider.iamManagedPolicies from our original serverless.yaml and insert the iamRoleStatements section from above.
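Before deploying the role in your own account, it helps to see which of its grants are broader than a single named resource. The following audit is an added example, not part of the workshop code: it transcribes the two statements above into Python data and reports wildcard scopes. The region `us-east-1` and table name `workshop-table` are constructed stand-ins for the Serverless variables, and `audit` and `as_list` are hypothetical helper names.

```python
# The page's two statements, transcribed as Python data. The Serverless
# variables are replaced with constructed sample values (region, table name).
STATEMENTS = [
    {"Effect": "Allow",
     "Action": ["ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface",
                "ec2:DescribeNetworkInterfaces", "logs:CreateLogGroup",
                "logs:CreateLogStream", "logs:PutLogEvents"],
     "Resource": ["*"]},
    {"Effect": "Allow", "Sid": "AllowDynamoDBAccess",
     "Action": ["dynamodb:Query", "dynamodb:Scan", "dynamodb:GetItem",
                "dynamodb:PutItem", "dynamodb:UpdateItem",
                "dynamodb:DeleteItem", "dynamodb:DescribeTable"],
     "Resource": "arn:aws:dynamodb:us-east-1:*:table/workshop-table"},
]

def as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def audit(statements):
    """Return (statement label, finding) tuples for overly broad Allow grants."""
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements do not widen access
        label = stmt.get("Sid", f"statement[{index}]")
        actions = as_list(stmt.get("Action", []))
        for action in actions:
            if "*" in action:
                findings.append((label, f"wildcard action {action}"))
        for resource in as_list(stmt.get("Resource", [])):
            if resource == "*":
                services = sorted({a.split(":")[0] for a in actions})
                findings.append((label, "Resource * covers " + ",".join(services)))
                continue
            # ARN layout: arn:partition:service:region:account-id:resource
            parts = resource.split(":", 5)
            if len(parts) == 6 and parts[4] == "*":
                findings.append((label, f"account wildcard in {resource}"))
            if len(parts) == 6 and "*" in parts[5]:
                findings.append((label, f"resource wildcard in {resource}"))
    return findings

if __name__ == "__main__":
    for label, finding in audit(STATEMENTS):
        print(f"{label}: {finding}")
```

Both findings are places where the role can be tightened in your own account, for example by putting your account ID in the DynamoDB ARN.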