
Allow lambda to access particular s3 bucket in serverless config


How can I allow a specific Lambda function to access a particular S3 bucket in the serverless.yml?

For example, I am porting file upload functionality to Lambda using Serverless. To upload a file to a particular S3 bucket, I need to allow the Lambda function to access that S3 bucket. How can I do this in the serverless.yml?


Solution

  • From Serverless Framework - AWS Lambda Guide - IAM:

    To add specific rights to this service-wide Role, define statements in provider.iamRoleStatements which will be merged into the generated policy.

    service: new-service
     
    provider:
      name: aws
      iam:
        role:
          statements:
            - Effect: 'Allow'
              Action:
                - 's3:ListBucket'
              Resource:
                Fn::Join:
                  - ''
                  - - 'arn:aws:s3:::'
                    - Ref: ServerlessDeploymentBucket
            - Effect: 'Allow'
              Action:
                - 's3:PutObject'
              Resource:
                Fn::Join:
                  - ''
                  - - 'arn:aws:s3:::'
                    - Ref: ServerlessDeploymentBucket
                    - '/*'
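The answer's snippet grants access to the framework's own deployment bucket (`ServerlessDeploymentBucket`). For the question as asked, the same `provider.iam.role.statements` mechanism is pointed at the application's upload bucket instead. The configuration below is an added example, not the answer's or the Serverless Framework's own code; the service name, the bucket name in `custom.uploadBucket`, the handler and the HTTP event are assumptions you would replace with your own. It keeps the bucket-level and object-level statements separate, because `s3:ListBucket` is evaluated against the bucket ARN while `s3:PutObject`/`s3:GetObject` are evaluated against object ARNs (the `/*` form):

```yaml
# serverless.yml (added example; names below are assumptions)
service: file-upload-service

custom:
  # Assumed bucket name; S3 bucket names are globally unique, so pick your own.
  uploadBucket: example-upload-bucket-change-me

provider:
  name: aws
  runtime: python3.9
  iam:
    role:
      statements:
        # Bucket-level permission: ListBucket must target the bucket ARN itself.
        - Effect: Allow
          Action:
            - s3:ListBucket
          Resource: arn:aws:s3:::${self:custom.uploadBucket}
        # Object-level permissions: these must target objects inside the bucket.
        - Effect: Allow
          Action:
            - s3:PutObject
            - s3:GetObject
          Resource: arn:aws:s3:::${self:custom.uploadBucket}/*
        # Over-broad form to avoid (shown commented out for contrast):
        # it lets every function in the service read/write/delete in every
        # bucket the account owns, and is what a linter should flag.
        # - Effect: Allow
        #   Action: s3:*
        #   Resource: '*'

functions:
  upload:
    handler: handler.upload   # assumed handler module/function
    events:
      - http:
          path: upload
          method: post

resources:
  Resources:
    # Create the bucket in the same stack so the policy and the bucket
    # are deployed (and torn down) together.
    UploadBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:custom.uploadBucket}
        PublicAccessBlockConfiguration:
          BlockPublicAcls: true
          BlockPublicPolicy: true
          IgnorePublicAcls: true
          RestrictPublicBuckets: true
```

One caveat worth checking before relying on this: `provider.iam.role.statements` extends the single service-wide role, so every function in the service, not only `upload`, receives these S3 permissions. If only one function should be able to write to the bucket, define a dedicated IAM role under `resources` and reference it from that function with the function-level `role` key, leaving the other functions on the default role.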