aws-sam | 易学教程

Adding PermissionBoundary fails in SAM template

阅读更多关于 Adding PermissionBoundary fails in SAM template

问题 Below is the SAM template: Resources: HelloWorldFunction: Type: AWS::Serverless::Function Properties: CodeUri: hello-world/ Handler: app.LambdaHandler Runtime: nodejs8.10 Events: MySQSEvent: Type: SQS Properties: Queue: !GetAtt SomeQueue.Arn BatchSize: 10 PermissionsBoundary: "arn:aws:iam::${AWS::AccountId}:policy/AddPermission" SomeQueue: Type: AWS::SQS::Queue AddPermission: Type: AWS::IAM::ManagedPolicy Properties: PolicyDocument: Version: 2012-10-17 Statement: - Sid:

How to assign a policy to adhoc user?

阅读更多关于 How to assign a policy to adhoc user?

问题 Background: With cross account role someaccountrole , I have access to aws account xyz . Case 1 To create a stack in account xyz , we upload the Cloudformation file through console. Amidst stack creation in Events tab, we see the very first event, as shown below: Case 2 We create EC2 instance in xyz account. Using sam deploy, where sam deploy is a wrapper of aws cloudformation deploy , we run below command from EC2, for stack creation: aws cloudformation deploy --template-file cfntemplate.yml

Unable to install aws-sam-cli using pip on Windows 10

阅读更多关于 Unable to install aws-sam-cli using pip on Windows 10

问题 I'm at my wits end. I'm trying to install aws-sam-cli so that I can test AWS Lambda functions locally. I've followed all the tutorials I can find but I'm stuck. I've installed docker and python 3.7 onto my local machine but when I try to install aws-sam-cli using: pip install aws-sam-cli I get the following error: Could not find a version that satisfies the requirement pypiwin32==220; sys_platform == "win32" and python_version >= "3.6" (from docker>=3.3.0->aws-sam-cli) (from versions: 219,

Could not get the syntax of policy definition in SAM template resource(serverless function)

阅读更多关于 Could not get the syntax of policy definition in SAM template resource(serverless function)

问题 Policy definition of AWS managed policy ( AWSLambdaExecute ) is: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:*" ], "Resource": "arn:aws:logs:*:*:*" }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject" ], "Resource": "arn:aws:s3:::*" } ] } But the AWS_documentation gives a sample serverless function using the same policy name AWSLambdaExecute , as shown below: Type: AWS::Serverless::Function Properties: Handler: index.js Runtime: nodejs8.10

Why sam package publishes the artifacts to bucket?

阅读更多关于 Why sam package publishes the artifacts to bucket?

问题 As part of packaging the SAM application, the application published to s3 bucket as shown below: sam package --template-file sam.yaml --s3-bucket mybucket --output-template-file output.yaml Why sam package provides --s3-bucket option? Is this mandatory option? What is the purpose of publishing artifacts to s3 bucket? 回答1: --s3-bucket option in sam package command is mandatory. What the command does is that it takes your local code, uploads it to S3 and returns transformed template where

Create an API Gateway Proxy Resource using SAM

阅读更多关于 Create an API Gateway Proxy Resource using SAM

I have an apparently-simple requirement to create a proxy resource in SAM (Amazon's Serverless Application Model). So simple in fact that Amazon's documentation appears to leave this as an exercise to the reader! I want to create an AWS API Gateway catch-all endpoint to proxy everything to another HTTP service. In the AWS Console, the configuration I am trying to build looks as follows: I have seen this excellent post by Christian Johansen and his related Stack Overflow question here for how to do the same thing in CloudFormation. I suppose I could just use that code in SAM, however, SAM has

How to enable “ApiKeyRequired” property in SAM without explicit swagger definition?

阅读更多关于 How to enable “ApiKeyRequired” property in SAM without explicit swagger definition?

问题 In cloudformation, AWS::ApiGateway::Method has a boolean property ApiKeyRequired . How can i achieve the same in SAM ? I know that we can enable using explicit swagger Configuration. which is like this { "swagger": "2.0", "info": { "version": "1.0", "title": { "Ref": "AWS::StackName" } }, "x-amazon-apigateway-api-key-source": "HEADER", "paths": { "/": { "get": { "x-amazon-apigateway-integration": { "httpMethod": "POST", "type": "aws_proxy", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS:

How to enable “ApiKeyRequired” property in SAM without explicit swagger definition?

阅读更多关于 How to enable “ApiKeyRequired” property in SAM without explicit swagger definition?

In cloudformation, AWS::ApiGateway::Method has a boolean property ApiKeyRequired . How can i achieve the same in SAM ? I know that we can enable using explicit swagger Configuration. which is like this { "swagger": "2.0", "info": { "version": "1.0", "title": { "Ref": "AWS::StackName" } }, "x-amazon-apigateway-api-key-source": "HEADER", "paths": { "/": { "get": { "x-amazon-apigateway-integration": { "httpMethod": "POST", "type": "aws_proxy", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetHelloWorld.Arn}/invocations" } }, "responses": {}, "security":

SAM Serverless implicit API vs AWS::Serverless::Api

阅读更多关于 SAM Serverless implicit API vs AWS::Serverless::Api

问题 When configuring a SAM template and defining a AWS::Serverless::Function there is the Events param that accepts an Api type. Does this create an API Gateway resource? What is the difference between this event type and a standalone AWS::Serverless::Api resource? 回答1: The question asks about the APIs referred to in the Event source block of a SAM AWS::Serverless::Function type, such as: MyFunction: Type: AWS::Serverless::Function Properties: ... Events: MyApi: Type: Api Properties: Path: