DEVHIDE
Login Or Sign up

Using List of IAM Policy Document Objects as AWS::Serverless::Function Policies

283 Views Asked by At

According to the documentation for AWS::Serverless::Function in the Serverless Application Model, it is possible to specify a list of IAM Policy Document Objects (PDO) for the Policies property of a Resource.

However, the AWS Toolkit for Visual Studio is flagging a syntax error when I try to define an IAM PDO: enter image description here

Here is a full example of my Resources section:

"Resources": { "Example" : { "Type" : "AWS::Serverless::Function", "Properties": { "Handler": "Example::Example.Controllers.ExampleController::ExampleAction", "Runtime": "dotnetcore2.0", "CodeUri": "", "MemorySize": 256, "Timeout": 30, "Policies": [{ "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": "*", "Resource": "*" } }], "Events": { "PutResource": { "Type": "Api", "Properties": { "Path": "/{id}", "Method": "GET" } } } } } }

Is there something I'm getting wrong, or is there an issue with either SAM or the AWS Toolkit syntax validation?

amazon-web-services aws-serverless aws-visual-studio-toolkit serverless-application-model
Original Q&A
3

There are 3 best solutions below

0
On BEST ANSWER

I just updated the VS CloudFormation schema. The problem should go away the next time you restart Visual Studio.

0
On

I think the issue is in your syntax is that it should be a statement array, because there can be multiple policies as below,

"Statement":[ 
              {
                "Effect": "Allow",
                "Action": "*",
                "Resource": "*"
              }
            ]

example of having multiple policies will be as below,

"Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "dynamodb:Query"
              ],
              "Resource": "arn:aws:dynamodb:${region}:*:table/${project}-songs-${dev}/*/*"
            },
            {
              "Effect": "Allow",
              "Action": [
                "dynamodb:GetItem"                  ],
              "Resource": "arn:aws:dynamodb:${region}:*:table/${project}-users-${dev}"
            },

         ]
1
On

It seems the problem is caused by syntax parsing issues in Visual Studio and the AWS Toolkit. I raised an issue on GitHub and you can track it here: https://github.com/aws/aws-sdk-net/issues/1001

Related Questions in AMAZON-WEB-SERVICES

Related Questions in AWS-SERVERLESS

Related Questions in AWS-VISUAL-STUDIO-TOOLKIT

Related Questions in SERVERLESS-APPLICATION-MODEL

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.