I am trying to configure a SAM template. I can define a role and deploy, then manually go into the console and add policies, which allows me to add a REST API and functions to the SAM template and deploy, but I can't get the policy set in the template so that it is all automated in one deploy.
If I add a policy to the template, deploy always gives a syntax error:
Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: a3bb2efb-3920-4298-99af-a15e67f70683; Proxy: null)
I am creating Lambda functions that access RDS, so I manually add AWSLambdaVPCAccessExecutionRole to get the function creation to work.
I have tried:
- AWSLambdaVPCAccessExecutionRole
- 'AWSLambdaVPCAccessExecutionRole'
- arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
as well as individual policies:
- ec2:CreateNetworkInterface
- ec2:DeleteNetworkInterface
- ec2:DescribeNetworkInterface
- ec2:DetachNetworkInterface
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
So far, the policy section I have is:
  STDataAccessPolicies:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: STDataAccess
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              # what goes here
            Resource: '*'
      Roles:
        - !Ref STDataAccessRole
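For comparison, here is a complete SAM fragment (an added example, not the asker's template) that wires the role, the policy and a VPC-attached function together in one deploy. The IAM policy language version is always `2012-10-17` (quoted so YAML does not parse it as a date); the role name, function name, handler and the subnet/security-group IDs are placeholders I chose, and the ENI action is `ec2:DescribeNetworkInterfaces` (plural). Either the managed-policy attachment on the role or the inline statement is sufficient on its own; both are shown so the two routes can be compared.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  STDataAccessRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      # Route 1: attach the AWS managed policy by ARN. Simplest, and it is
      # maintained by AWS if the required ENI/log actions ever change.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole

  # Route 2: the same permissions spelled out inline. Resource '*' mirrors the
  # managed policy; narrow it (e.g. to a log-group ARN) once the deploy works.
  STDataAccessPolicies:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: STDataAccess
      PolicyDocument:
        Version: '2012-10-17'   # '2021-10-17' is what triggers MalformedPolicyDocument
        Statement:
          - Effect: Allow
            Action:
              - ec2:CreateNetworkInterface
              - ec2:DescribeNetworkInterfaces
              - ec2:DeleteNetworkInterface
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:PutLogEvents
            Resource: '*'
      Roles:
        - !Ref STDataAccessRole

  # Placeholder function showing how the role is consumed; the VpcConfig is what
  # makes the ENI permissions necessary at create time.
  RdsReaderFunction:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: python3.12
      Handler: app.handler          # placeholder handler
      CodeUri: ./src                # placeholder code path
      Role: !GetAtt STDataAccessRole.Arn
      VpcConfig:
        SubnetIds:
          - subnet-PLACEHOLDER      # replace with the RDS subnet(s)
        SecurityGroupIds:
          - sg-PLACEHOLDER          # replace with a group allowed to reach RDS
```

The DependsOn ordering is implicit: `!GetAtt STDataAccessRole.Arn` makes CloudFormation create the role before the function, and the policy resource references the role by name, so a single `sam deploy` creates all three.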