Role property instead of Policies in the AWS::Serverless::Function.
When you use the Policies property, the policies that you've specified will be appended to the default role for this function. Since you didn't specify a role in the template, one is created for you, which has the AWSLambdaBasicExecutionRole.
So, create an IAM role that contains the least privilege policies that you need and then just reference the ARN of that role in the AWS::Serverless::Function. Note that if the Role property is set, the Policies property is ignored.
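
A SAM template following the approach in the answer above, as an added example that is not part of the original answer. The resource names, function name, runtime, handler and code path are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  # Log group declared explicitly so the role can be scoped to it
  # and never needs logs:CreateLogGroup. (Names are hypothetical.)
  HelloFunctionLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: /aws/lambda/hello-least-privilege
      RetentionInDays: 14

  # Custom execution role: no AWS managed policy attached, only an
  # inline policy limited to this function's own log group.
  HelloFunctionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: write-own-logs
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                # The log group's Arn attribute ends in ":*", so it
                # covers the streams inside this one group only.
                Resource: !GetAtt HelloFunctionLogGroup.Arn

  HelloFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: hello-least-privilege
      Runtime: python3.12
      Handler: app.handler
      CodeUri: src/
      # Role is set, so SAM creates no default role and ignores Policies.
      Role: !GetAtt HelloFunctionRole.Arn
```

After deployment, `aws iam list-attached-role-policies` on the role should return an empty list, confirming that no managed policy is attached.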