setting iam role to allow it to read from the bucket

2026-06-08 11:17:27 +00:00 · 2023-07-20 10:04:50 +01:00 · 2023-07-20 10:04:50 +01:00 · 7a69a7255c
commit 7a69a7255c
parent ff180a67e2
1 changed files with 12 additions and 0 deletions
--- a/serverless.yml
+++ b/serverless.yml
@ -12,6 +12,18 @@ provider:
    PLAN_TRIGGER_BUCKET: ${env:PLAN_TRIGGER_BUCKET}
    DOMAIN_NAME: ${env:DOMAIN_NAME}
    EPC_AUTH_TOKEN: ${env:EPC_AUTH_TOKEN}
+  # Give lambda access to read from the bucket
+  iam:
+    role:
+      name: fastapi_backend_${env:PLAN_TRIGGER_BUCKET}_access
+      statements:
+        - Effect: Allow
+          Action:
+            - s3:GetObject
+            - s3:ListBucket
+          Resource:
+            - arn:aws:s3:::${env:PLAN_TRIGGER_BUCKET}
+            - arn:aws:s3:::${env:PLAN_TRIGGER_BUCKET}/*


 package: