AWS application composer - is there any way to specify additional IAM POLICY
I am using AWS application composer to create my serverless stack.
Specifically on Lambdas, i need to add additional IAM policies that have been included in my Lambda code logic. For example, some of the AWS service IAM policies access. I know I can add the additional access after deployment at the AWS IAM page, however this is not ideal especially we might forget or it would be difficult to pass the setup code and templates to other teams.
Any insights? Thanks.
I have searched the reference or documentation but could not find any workaround.
If you are referring to policies attached to Lambda service role, you can add it.
Since Application Composer uses SAM AWS::Serverless::Function templating, you should be able to add it under the Policies field, it is in the Application Composer console under Details as well (you need to scroll down to the bottom)
As stated in the documentation -
This property accepts a single string or a list of strings, and can be the name of AWS managed policies or AWS SAM policy templates, or inline IAM policy documents formatted in YAML.
You can try to add that in. For example:
- Upload via presigned request - 403 forbidden for Unicode Filename
- Best practices for developing scalable video transcoding server on Amazon Web Services?
- Enable compression for AWS SQS Java API or how to tell if it's already on?
- Getting no basic auth credential from AWS ECR when pulling image
- How to load npm modules in AWS Lambda?
- Amazon EFS vs S3: Which is better for appending small chunks of data to large files?
- Is there a way to delay DynamoDB stream emissions while nearly parallel data is upserted to a record?
- Push docker image to amazon ecs repository
- AWS SSM Agent - Using the aws cli, is there a way to list all the AWS instances that are missing the SSM agent?
- CloudFormation is not authorized to perform: iam:PassRole on resource
- S3 - Access-Control-Allow-Origin Header
- How to run AWS codeartifact login and keep default registry
- aws s3api restore-object permission error
- AWS Amplify Functions allow.resource() not working
- Is it possible to enrich a message on an sqs queue
- Does EKS Auto Mode use AWS Load Balancer Controller?
- kubectl error You must be logged in to the server (Unauthorized) when accessing EKS cluster
- AWS Elasticache -- How to flush node from console?
- How to parameterize prevent_destroy lifecycle configuration in Terraform?
- RDS instance start: which subnet/AZ is selected?
- Connection refused error (127.0.0.1:4566) for Localstack S3
- Problem with file directory link in amazon s3
- Can I use aws-advanced-jdbc-wrapper with MySQL?
- Creating Lambda Snapstart with Typescript CDK
- How to force SQL Server container to immediately update MDF file in Docker volume?
- AWS Cloudwatch agent config file removed after startup
- AWS lambda SQS does not allow to process 1 message per 1 invocation
- How can I create a TLS/SSL connection to a mongodb instance on AWS with a certificate made by certificate manager? Health check failed
- Cloudfront redirect when signed cookies not present
- AWS Lambda and DynamoDB - updatetItem is not a function