Joey Yi Zhao

Reputation: 42518

How can I provide resource-based policy in my lambda via serverless.yml?

I am using serverless.yml to deploy lambdas to AWS and I'd like to know how to configure the resource-based policy for my lambda.

I deploy a customised alias to my lambda and need to grant invoke:lambda in the policy of the resource-based policy. So when you open lambda -> configuration -> permission, the policy should appear as below:


When I use the role configuration in serverless.yml, it only changes the permission for my lambda execution role. How can I modify the resource-based policy for my lambda?

Upvotes: 3

Views: 4469

Answers (2)

TheCodingMatt

Reputation: 61

An example serverless.yaml would look like this:

  provider:
    name: aws
    runtime: nodejs8.10
    memorySize: 128
    stage: dev
    apiGateway: 
      resourcePolicy:
        - Effect: Allow
          Principal: '*'
          Action: execute-api:Invoke
          Resource:
            - execute-api:/*/*/*
          Condition:
            IpAddress:
              aws:SourceIp:
                - 'your ip here'

How to restrict access to a lambda

Please note that the resource policy currently only works for the REST API Gateways. https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-vs-rest.html

HTTP APIs do not support resource policies.

Upvotes: 0

Richard Lee

Reputation: 2245

I have previously used the API Gateway Resource Policy: https://www.serverless.com/framework/docs/providers/aws/events/apigateway/#resource-policy

For direct lambda function association, you can take a look at this thread: https://github.com/serverless/serverless/issues/4926

Upvotes: 2
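
The answers above configure the API Gateway resource policy; a statement on the Lambda function's own resource-based policy can be declared as a CloudFormation `AWS::Lambda::Permission` resource under `resources:` in serverless.yml. The following is an added example, not code from either answer; the service and function names, the alias name `live`, the logical ID `HelloAliasInvokePermission`, the runtime and the account ID are assumptions or placeholders.

```yaml
# Added example. Values marked "assumed" or "placeholder" are not from the page.
service: example-service            # assumed service name

provider:
  name: aws
  runtime: nodejs20.x               # assumed runtime
  stage: dev

functions:
  hello:                            # assumed function name; the framework names
    handler: handler.hello          # its CloudFormation resource HelloLambdaFunction

resources:
  Resources:
    HelloAliasInvokePermission:     # assumed logical ID
      Type: AWS::Lambda::Permission
      Properties:
        # Qualify the function ARN with the alias so the statement is attached
        # to the alias rather than to the unqualified function.
        FunctionName:
          Fn::Join:
            - ':'
            - - Fn::GetAtt: [HelloLambdaFunction, Arn]
              - live                # assumed alias; it must already exist
        Action: lambda:InvokeFunction
        # Name one specific caller instead of a wildcard principal.
        Principal: '123456789012'   # placeholder AWS account ID
```

After deployment the statement appears under the alias's Permissions tab; when the principal is an AWS service rather than an account, adding `SourceArn` or `SourceAccount` keeps the grant limited to the intended caller.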
