Thursday, August 04, 2016

Trust Relationship and Policies for AWS API Gateway and Lambdas

Your Policy for the lambda should set up everything your lambda is allowed to do. This includes passing a role.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1470153553000",
            "Effect": "Allow",
            "Action": [
                "dynamodb:*"
            ],
            "Resource": [
                "arn:aws:dynamodb:us-west-2:439753510372:table/YoYoDyne_Products"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "lambda:InvokeFunction"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": [
                "arn:aws:logs:*:*:*"
            ]
        },
        {
            "Sid": "Stmt1449789105000",
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
Your policy also needs to have a trust relationship.
{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Sid": "",
           "Effect": "Allow",
           "Principal": {
               "Service": ["lambda.amazonaws.com", "apigateway.amazonaws.com"]
           },
           "Action": "sts:AssumeRole"
       }
   ]
}

1 comment:

likitha said...

Thank you for your guide to with upgrade information about AWS keep update at
AWS Online Course