Authorising Access With IAM Policies
Understand how to authorize AWS Lambda functions to access external storage by configuring IAM policies. Explore the use of SAM policy templates for S3, managing roles created by SAM, and customizing permissions to securely allow Lambda functions to read and write to S3 buckets. Prepare to deploy functions with appropriate access settings and verify storage actions.
Configuring IAM
Passing a reference to the bucket in an environment variable lets the Lambda function know where to write, but it still does not have permission to do so. You need to configure IAM to allow storage access. SAM hides much of that complexity and saves dozens of lines of boilerplate per function: it ships with convenient policy templates for popular AWS services, including S3. In this case, you can use the S3FullAccessPolicy template, which grants a Lambda function read and write (including delete) access to all objects in a single, named bucket. That is the simplest option for a function that both reads and writes; if a function only reads or only writes, SAM also provides narrower templates (S3ReadPolicy, S3WritePolicy and S3CrudPolicy), and granting the least privilege that the code actually needs is the safer default.
In the ProcessFormFunction template, specify a Policies property, followed by a list of policies. (Note that YAML uses dashes to create lists, so you’ll need to use a dash prefix before each element in the Policies list.) This section should be at the same indentation level as the other function properties, so Policies should be aligned with ...
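Putting the two pieces together, here is a minimal SAM template fragment that passes the bucket name to the function through an environment variable and attaches the S3FullAccessPolicy template to the same function. This is an added illustration, not the template from the original page: the bucket's logical name (UploadS3Bucket), the environment variable name (UPLOAD_S3_BUCKET), and the Runtime, Handler and CodeUri values are assumptions chosen for the example, so replace them with the values your own template uses.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  # Assumed logical name for the bucket the function writes to.
  UploadS3Bucket:
    Type: AWS::S3::Bucket

  ProcessFormFunction:
    Type: AWS::Serverless::Function
    Properties:
      # Runtime, Handler and CodeUri are placeholders for this example.
      Runtime: nodejs18.x
      Handler: process-form.lambdaHandler
      CodeUri: user-form/
      Environment:
        Variables:
          # Tells the code *where* to write; this alone grants no access.
          UPLOAD_S3_BUCKET: !Ref UploadS3Bucket
      # Policies is a list: each policy template is one dash-prefixed item.
      # Policies sits at the same indentation level as Runtime, Handler, etc.
      Policies:
        - S3FullAccessPolicy:
            # Scopes the generated IAM policy to this one bucket only.
            BucketName: !Ref UploadS3Bucket
```

After `sam deploy`, CloudFormation creates an execution role for the function (its name is derived from the stack name and the logical ID, ProcessFormFunctionRole, with a random suffix) and attaches an inline policy generated from the template. You can confirm what was actually granted with `aws iam list-role-policies --role-name <role-name>` followed by `aws iam get-role-policy`, and check that the resource ARNs in the policy document point only at the intended bucket and its objects. If the function turns out to need only `s3:PutObject`, swap S3FullAccessPolicy for S3WritePolicy (or S3CrudPolicy if it also reads) to drop the delete and lifecycle-configuration permissions that the full-access template includes.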