Authorising Access With IAM Policies
In this lesson, you will learn how to configure IAM to allow storage access.
We'll cover the following
Configuring IAM #
Passing a reference to the bucket in an environment variable will let the Lambda function know where to write, but it still won’t have the permission to do so. You will need to configure IAM to allow storage access. SAM hides that complexity significantly and avoids dozens of lines of boilerplate code for each function. It has convenient policy templates for popular AWS services, including S3. In this case, you can use the S3FullAccessPolicy
, which gives a Lambda function read and write access to all objects in a bucket.
In the ProcessFormFunction
template, specify a Policies
property, followed by a list of policies. (Note that YAML uses dashes to create lists, so you’ll need to use a dash prefix before each element in the Policy list.) This section should be at the same indentation level as the other function properties, so Policies
should be aligned with Events
and Environment
:
Get hands-on with 1200+ tech skills courses.