Not able to add policies in SAM template

Question

I am working on SAM template for publishing my Application in AWS Serverless repository. But when I try to add policies for my lambda it shows me error: Invalid Serverless Appli

Answer 1

It seems, that currently only SAM Policy Templates can be used.

AWS maintains the authoritative information/overview of SAM Policy Templates here: https://docs.aws.amazon.com/serverlessrepo/latest/devguide/using-aws-sam.html

This document also states that, if you need further AWS Resources and/or Policy Templates, you should contact the AWS Support.

A short overview and example of how to use them can be found here: https://github.com/awslabs/serverless-application-model/blob/master/examples/2016-10-31/policy_templates/all_policy_templates.yaml

Here's the overview of currently supported SAM Policy Templates at the time of posting this answer:

• SQSPollerPolicy (provides sqs:DeleteMessage, sqs:ReceiveMessage)
• LambdaInvokePolicy (provides lambda:InvokeFunction)
• CloudWatchPutMetricPolicy (provides cloudwatch:PutMetricData)
• EC2DescribePolicy (provides ec2:DescribeRegions, ec2:DescribeInstances)
• DynamoDBCrudPolicy (provides dynamodb:GetItem, dynamodb:DeleteItem, dynamodb:PutItem, dynamodb:Scan, dynamodb:Query, dynamodb:UpdateItem, dynamodb:BatchWriteItem, dynamodb:BatchGetItem)
• DynamoDBReadPolicy (provides dynamodb:GetItem, dynamodb:Scan, dynamodb:Query, dynamodb:BatchGetItem)
• SESSendBouncePolicy (provides ses:SendBounce)
• ElasticsearchHttpPostPolicy (provides es:ESHttpPost)
• S3ReadPolicy (provides s3:GetObject, s3:ListBucket, s3:GetBucketLocation, s3:GetObjectVersion, s3:GetLifecycleConfiguration)
• S3CrudPolicy (provides s3:GetObject, s3:ListBucket, s3:GetBucketLocation, s3:GetObjectVersion, s3:PutObject, s3:GetLifecycleConfiguration, s3:PutLifecycleConfiguration)
• AMIDescribePolicy (provides ec2:DescribeImages)
• CloudFormationDescribeStacksPolicy (provides cloudformation:DescribeStacks)
• RekognitionNoDataAccessPolicy (provides rekognition:CompareFaces, rekognition:DetectFaces, rekognition:DetectLabels, rekognition:DetectModerationLabels)
• RekognitionReadPolicy (provides rekognition:ListCollections, rekognition:ListFaces, rekognition:SearchFaces, rekognition:SearchFacesByImage)
• RekognitionWriteOnlyAccessPolicy (provides rekognition:CreateCollection, rekognition:IndexFaces)
• SQSSendMessagePolicy (provides sqs:SendMessage*)
• SNSPublishMessagePolicy (provides sns:Publish)
• VPCAccessPolicy (provides ec2:CreateNetworkInterface, ec2:DeleteNetworkInterface, ec2:DescribeNetworkInterfaces, ec2:DetachNetworkInterface)
• DynamoDBStreamReadPolicy (provides dynamodb:DescribeStream, dynamodb:GetRecords, dynamodb:GetShardIterator, dynamodb:ListStreams)
• KinesisStreamReadPolicy (provides kinesis:ListStreams, kinesis:DescribeLimits)
• SESCrudPolicy (provides ses:GetIdentityVerificationAttributes, ses:SendEmail, ses:VerifyEmailIdentity)
• SNSCrudPolicy (provides sns:ListSubscriptionsByTopic, sns:CreateTopic, sns:SetTopicAttributes, sns:Subscribe, sns:Publish)
• KinesisCrudPolicy (provides kinesis:AddTagsToStream, kinesis:CreateStream, kinesis:DecreaseStreamRetentionPeriod, kinesis:DeleteStream, kinesis:DescribeStream, kinesis:GetShardIterator, kinesis:IncreaseStreamRetentionPeriod, kinesis:ListTagsForStream, kinesis:MergeShards, kinesis:PutRecord, kinesis:PutRecords, kinesis:SplitShard, kinesis:RemoveTagsFromStream)
• KMSDecryptPolicy (provides kms:Decrypt)

Almost any of those Policy Templates have to be configured. Please read the AWS documentation (links above) about how to configure these templates.