我正在尝试创建一个简单的 IAM 角色以让我的 AppSync 服务连接到我的 DynamoDb 数据库,但由于 AppSync 处于预览阶段,IAM 无法将 AppSync 识别为服务。如何创建 IAM 角色以让 AppSync 拥有对 DynamoDb 的完全访问权限?
问问题
1438 次
1 回答
8
受信任的关系方面看起来像这样
示例可信关系文档
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "appsync.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
政策文件与往常基本相同
示例政策文档
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:Scan"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
如果您使用的是 CloudFormation 模板,它可能如下所示
示例 CloudFormation 模板
AppSyncRole:
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Principal:
Service:
- "appsync.amazonaws.com"
Action:
- "sts:AssumeRole"
Policies:
-
PolicyName: "appsync-policy"
PolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Action:
- "dynamodb:PutItem"
- "dynamodb:UpdateItem"
- "dynamodb:DeleteItem"
- "dynamodb:GetItem"
- "dynamodb:Query"
- "dynamodb:Scan"
Resource: "*"
于 2018-03-12T00:36:26.340 回答