我在cloudformation的serverless中创建了一个S3 bucket,如下所示:
s3bucket:
Type: 'AWS::S3::Bucket'
BucketPolicy:
Type: "AWS::S3::BucketPolicy"
Properties:
Bucket: !Ref 's3bucket'
PolicyDocument:
Id: ProdAnsiblePolicy
Version: "2012-10-17"
Statement:
-
Effect: Allow
Principal:
AWS: 'arn:aws:iam::*******:user/prodAnsible'
Action: 's3:*'
Resource:
- !Join ['', ['arn:aws:s3:::', !Ref 's3bucket']]
serverless documentation
. 为了清楚起见,我需要在cloud formation中创建这个S3 bucket,这样我就可以访问prodAnsible用户。
update_tenant_config:
handler: functions/tenants_handlers.update_tenant_config
events:
- s3:
bucket: s3bucket
event: s3:ObjectRemoved:*
existing: true
提前感谢您的帮助!