I am stuck trying to assign permissions to an S3 bucket for my lambda when using the Serverless framework.
I have a single lambda function that ultimately writes a JSON config file to an S3 bucket that I'd like to serve via the web to an application. I initially set up an S3 bucket separately (not in serverless.yml), and my lambda successfully creates the file in the correct S3 bucket, but I get an 'internal server error' when I deploy it to AWS. I assume this is because the permissions set up on deploy don't grant it write access to the bucket.
I am a bit at odds how to do this. I have read this thread e.g., and tried supplementing my serverless.yml with this:
provider:
  name: aws
  runtime: nodejs8.10
  stage: dev
  region: eu-west-1
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "s3:PutObject"
      Resource:
        Fn::Join:
          - ""
          - - "arn:aws:s3:::"
            - Ref: arn:aws:s3:::com.joostschuur.quizdata
In this case, arn:aws:s3:::com.joostschuur.quizdata is the manually created S3 bucket that I set up and would like my deployed lambda to have write access to. However, this results in an error on deploy:
The CloudFormation template is invalid: Template format error: Unresolved resource dependencies [arn:aws:s3:::com.joostschuur.quizdata] in the Resources block of the template
If there is a way to put all the S3 setup into serverless.yml (i.e. specify the bucket, specify that files in it should be accessible via the web etc), I'm happy to do it that way too.
Suggestions?
In the iamRoleStatements specification there is an error; it should be:
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "s3:PutObject"
      Resource: arn:aws:s3:::com.joostschuur.quizdata/*
Or
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "s3:PutObject"
      Resource:
        Fn::Join:
          - ":"
          - - "arn:aws:s3::"
            - "com.joostschuur.quizdata/*"
This error:
The CloudFormation template is invalid: Template format error: Unresolved resource dependencies [arn:aws:s3:::com.joostschuur.quizdata] in the Resources block of the template
is related to:
    - Ref: arn:aws:s3:::com.joostschuur.quizdata
Because this is not a reference to a parameter or a variable.
Enjoy!
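The check below is an added example, not part of the original question or answer and not Serverless Framework code: it runs the three statements from this page through a small pre-deploy lint that reports any `Ref` whose target is not a declared logical ID (the cause of the "Unresolved resource dependencies" error) and any `s3:PutObject` grant whose literal ARN stops at the bucket. The function names and the `logical_ids` argument are assumptions made for the illustration.

```python
# Added example: lint iamRoleStatements before deploying (illustrative, not Serverless code).
PSEUDO = {"AWS::AccountId", "AWS::Region", "AWS::Partition", "AWS::StackName"}

def find_refs(node):
    """Yield every Ref target inside a statement fragment."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            else:
                yield from find_refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_refs(item)

def literal_arn(resource):
    """Return the ARN if Resource is a string or an Fn::Join of strings, else None."""
    if isinstance(resource, str):
        return resource
    if isinstance(resource, dict) and "Fn::Join" in resource:
        delimiter, parts = resource["Fn::Join"]
        if all(isinstance(p, str) for p in parts):
            return delimiter.join(parts)
    return None

def lint_statement(stmt, logical_ids=()):
    """logical_ids: names declared under Resources/Parameters (assumed supplied by the caller)."""
    known = set(logical_ids) | PSEUDO
    findings = [f"unresolved Ref: {r}" for r in find_refs(stmt) if r not in known]
    actions = stmt.get("Action", [])
    actions = [actions] if isinstance(actions, str) else actions
    arn = literal_arn(stmt.get("Resource"))
    # s3:PutObject acts on objects, so the ARN needs a key part after the bucket name.
    if arn and "s3:PutObject" in actions and "/" not in arn.split(":::", 1)[-1]:
        findings.append(f"s3:PutObject needs an object ARN such as {arn}/*")
    return findings

BUCKET = "arn:aws:s3:::com.joostschuur.quizdata"
# The three statements from the page, written as the dicts the YAML parses to.
QUESTION = {"Effect": "Allow", "Action": ["s3:PutObject"],
            "Resource": {"Fn::Join": ["", ["arn:aws:s3:::", {"Ref": BUCKET}]]}}
ANSWER_LITERAL = {"Effect": "Allow", "Action": ["s3:PutObject"], "Resource": BUCKET + "/*"}
ANSWER_JOIN = {"Effect": "Allow", "Action": ["s3:PutObject"],
               "Resource": {"Fn::Join": [":", ["arn:aws:s3::", "com.joostschuur.quizdata/*"]]}}

if __name__ == "__main__":
    for name, stmt in [("question", QUESTION), ("answer 1", ANSWER_LITERAL), ("answer 2", ANSWER_JOIN)]:
        print(name, lint_statement(stmt) or "ok")
```

A `Ref` to a bucket declared in the same template passes once its logical ID is supplied in `logical_ids`.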