我能够与serverless.yml一起使用:
iamRoleStatements:
- Effect: "Allow"
Action:
- "sqs:SendMessage"
- "sqs:ListQueues"
Resource: "arn:aws:sqs:us-east-1:*:*"
,但我只想将其应用于某个功能。我该怎么做?
从文档中,您需要在resources下创建功能角色,并在您的功能中引用此新角色。
示例:
service: my-test
provider:
name: aws
runtime: nodejs6.10
functions:
hello:
role: mySQSRole
handler: handler.hello
resources:
Resources:
mySQSRole:
Type: AWS::IAM::Role
Properties:
RoleName: mySQSRole
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: myPolicyName
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- sqs:SendMessage
- sqs:ListQueues
Resource: "arn:aws:sqs:us-east-1:*:*"