Not able to add policies in SAM template

aws-lambda serverless
Mayank picture Mayank · Feb 26, 2018 · Viewed 9.3k times · Source

I am working on SAM template for publishing my Application in AWS Serverless repository. But when I try to add policies for my lambda it shows me error: Invalid Serverless Application Specification document. Number of errors found: 1. Errors: Resource with id [SyncPostDataFromSfLambda] is invalid. Only policy templates are supported in 'Policies' property.

Below is the example for my SAM template:

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Transform": "AWS::Serverless-2016-10-31",
    "Description": "Deployment",
    "Resources": {
        "SyncPostDataToSfLambda": {
            "Type": "AWS::Serverless::Function",
            "Properties": {
                "Handler": "index.handler",
                "FunctionName": "myLambdaFunction",
                "CodeUri": "s3 URL",
                "Runtime": "nodejs6.10",
                "MemorySize": 512,
                "Policies": [
                    "AmazonDynamoDBFullAccess"
                ],
                "Events": {
                    "PostResource": {
                        "Type": "Api",
                        "Properties": {
                            "RestApiId": {
                                "Ref": "API"
                            },
                            "Path": "/apipath",
                            "Method": "post"
                        }
                    }
                }
            }
        }
    }
}

Answer

onelaview picture onelaview · Oct 9, 2018

As of today (2018-10-09), SAM template already supports inline policy document.

Here is an example:-

Resources:
  SomeFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs8.10
      Policies:
      - Statement:
        - Sid: SSMDescribeParametersPolicy
          Effect: Allow
          Action:
          - ssm:DescribeParameters
          Resource: '*'
        - Sid: SSMGetParameterPolicy
          Effect: Allow
          Action:
          - ssm:GetParameters
          - ssm:GetParameter
          Resource: '*'

References:

  1. AWS::Serverless::Function's Policies property on AWS SAM Specification
  2. Related issue on GitHub

Related questions

aws-sam-local environment variables

I am following the readme here: https://github.com/awslabs/aws-sam-local I have a lambda written in python 3.6 and its similar to the helloworld example here : https://github.com/awslabs/aws-sam-local/tree/develop/samples/hello-world/python template.yml looks as …

Read More
What is the difference between a Serverless Function, and a Lambda Function

I am playing around with the Cloudformation Serverless Transformation, and am trying to figure out how and when to use AWS::Serverless::Function or AWS::Lambda::Function. For some reason the Lambda version is used for SAM examples in AWS. …

Read More
Fargate vs Lambda, when to use which?

I'm pretty new to the whole Serverless landscape, and am trying to wrap my head around when to use Fargate vs Lambda. I am aware that Fargate is a serverless subset of ECS, and Lambda is serverless as well but …

Read More