本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
Amazon SAM 连接器参考
本节包含Amazon Serverless Application Model (Amazon SAM) 连接器资源类型的参考信息。有关连接器的简介,请参阅使用 Amazon SAM 连接器管理资源权限。
连接器支持的源资源和目的地资源类型
AWS::Serverless::Connector
资源类型支持源资源资源和目的地资源之间一定数量的连接。在 Amazon SAM 模板中配置连接器时,请使用下表来参考支持的连接以及需要为每种源资源和目的地资源类型定义的属性。有关在模板中配置连接器的更多信息,请参阅AWS::Serverless::Connector。
对于源资源和目标资源,如果在同一个模板中定义,则使用 Id
属性。或者,可以添加 Qualifier
以缩小您定义的资源范围。当资源不在同一个模板中时,请使用受支持属性的组合。
要请求新连接,请在无服务器应用程序模型 Amazon GitHub 存储库中提交新问题
源类型 | 目的地类型 | 权限 | 源属性 | 目的地属性 |
---|---|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
连接器创建的 IAM 策略
本节记录了使用连接器时 Amazon SAM 创建的 Amazon Identity and Access Management(IAM)策略。
AWS::DynamoDB::Table
到AWS::Lambda::Function
-
策略类型
客户管理型策略附加在
AWS::Lambda::Function
角色上。访问类别
Read
{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:DescribeStream", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:ListStreams" ], "Resource": [ "%{Source.Arn}/stream/*" ] } ] }
AWS::Events::Rule
到AWS::SNS::Topic
-
策略类型
AWS::SNS::TopicPolicy
附加在AWS::SNS::Topic
上。访问类别
Write
{ "Statement": [ { "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" }, "Resource": "%{Destination.Arn}", "Action": "sns:Publish", "Condition": { "ArnEquals": { "aws:SourceArn": "%{Source.Arn}" } } } ] }
AWS::Events::Rule
到AWS::Events::EventBus
-
策略类型
客户管理型策略附加在
AWS::Events::Rule
角色上。访问类别
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "events:PutEvents" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::Events::Rule
到AWS::StepFunctions::StateMachine
-
策略类型
客户管理型策略附加在
AWS::Events::Rule
角色上。访问类别
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "states:StartExecution" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::Events::Rule
到AWS::Lambda::Function
-
策略类型
AWS::Lambda::Permission
附加在AWS::Lambda::Function
上。访问类别
Write
{ "Action": "lambda:InvokeFunction", "Principal": "events.amazonaws.com", "SourceArn": "%{Source.Arn}" }
AWS::Events::Rule
到AWS::SQS::Queue
-
策略类型
AWS::SQS::QueuePolicy
附加在AWS::SQS::Queue
上。访问类别
Write
{ "Statement": [ { "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" }, "Resource": "%{Destination.Arn}", "Action": "sqs:SendMessage", "Condition": { "ArnEquals": { "aws:SourceArn": "%{Source.Arn}" } } } ] }
AWS::Lambda::Function
到AWS::Lambda::Function
-
策略类型
客户管理型策略附加在
AWS::Lambda::Function
角色上。访问类别
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "lambda:InvokeAsync", "lambda:InvokeFunction" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::Lambda::Function
到AWS::S3::Bucket
-
策略类型
客户管理型策略附加在
AWS::Lambda::Function
角色上。访问类别
Read
{ "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectLegalHold", "s3:GetObjectRetention", "s3:GetObjectTorrent", "s3:GetObjectVersion", "s3:GetObjectVersionAcl", "s3:GetObjectVersionForReplication", "s3:GetObjectVersionTorrent", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:ListBucketVersions", "s3:ListMultipartUploadParts" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/*" ] } ] }
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "s3:AbortMultipartUpload", "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:RestoreObject" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/*" ] } ] }
AWS::Lambda::Function
到AWS::DynamoDB::Table
-
策略类型
客户管理型策略附加在
AWS::Lambda::Function
角色上。访问类别
Read
{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:BatchGetItem", "dynamodb:ConditionCheckItem", "dynamodb:PartiQLSelect" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/index/*" ] } ] }
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem", "dynamodb:PartiQLDelete", "dynamodb:PartiQLInsert", "dynamodb:PartiQLUpdate" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/index/*" ] } ] }
AWS::Lambda::Function
到AWS::SQS::Queue
-
策略类型
客户管理型策略附加在
AWS::Lambda::Function
角色上。访问类别
Read
{ "Statement": [ { "Effect": "Allow", "Action": [ "sqs:ReceiveMessage", "sqs:GetQueueAttributes" ], "Resource": [ "%{Destination.Arn}" ] } ] }
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "sqs:DeleteMessage", "sqs:SendMessage", "sqs:ChangeMessageVisibility", "sqs:PurgeQueue" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::Lambda::Function
到AWS::SNS::Topic
-
策略类型
客户管理型策略附加在
AWS::Lambda::Function
角色上。访问类别
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::Lambda::Function
到AWS::StepFunctions::StateMachine
-
策略类型
客户管理型策略附加在
AWS::Lambda::Function
角色上。访问类别
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "states:StartExecution", "states:StartSyncExecution" ], "Resource": [ "%{Destination.Arn}" ] }, { "Effect": "Allow", "Action": [ "states:StopExecution" ], "Resource": [ "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*" ] } ] }
Read
{ "Statement": [ { "Effect": "Allow", "Action": [ "states:DescribeStateMachine", "states:ListExecutions" ], "Resource": [ "%{Destination.Arn}" ] }, { "Effect": "Allow", "Action": [ "states:DescribeExecution", "states:DescribeStateMachineForExecution", "states:GetExecutionHistory" ], "Resource": [ "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*" ] } ] }
AWS::Lambda::Function
到AWS::Events::EventBus
-
策略类型
客户管理型策略附加在
AWS::Lambda::Function
角色上。访问类别
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "events:PutEvents" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::Lambda::Function
到AWS::Location::PlaceIndex
-
策略类型
客户管理型策略附加在
AWS::Lambda::Function
角色上。访问类别
Read
{ "Statement": [ { "Effect": "Allow", "Action": [ "geo:DescribePlaceIndex", "geo:GetPlace", "geo:SearchPlaceIndexForPosition", "geo:SearchPlaceIndexForSuggestions", "geo:SearchPlaceIndexForText" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::ApiGatewayV2::Api
到AWS::Lambda::Function
-
策略类型
AWS::Lambda::Permission
附加在AWS::Lambda::Function
上。访问类别
Write
{ "Action": "lambda:InvokeFunction", "Principal": "apigateway.amazonaws.com", "SourceArn": "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:%{Source.ResourceId}/%{Source.Qualifier}" }
AWS::ApiGateway::RestApi
到AWS::Lambda::Function
-
策略类型
AWS::Lambda::Permission
附加在AWS::Lambda::Function
上。访问类别
Write
{ "Action": "lambda:InvokeFunction", "Principal": "apigateway.amazonaws.com", "SourceArn": "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:%{Source.ResourceId}/%{Source.Qualifier}" }
AWS::SNS::Topic
到AWS::SQS::Queue
-
策略类型
AWS::SQS::QueuePolicy
附加在AWS::SQS::Queue
上。访问类别
Write
{ "Statement": [ { "Effect": "Allow", "Principal": { "Service": "sns.amazonaws.com" }, "Resource": "%{Destination.Arn}", "Action": "sqs:SendMessage", "Condition": { "ArnEquals": { "aws:SourceArn": "%{Source.Arn}" } } } ] }
AWS::SNS::Topic
到AWS::Lambda::Function
-
策略类型
AWS::Lambda::Permission
附加在AWS::Lambda::Function
上。访问类别
Write
{ "Action": "lambda:InvokeFunction", "Principal": "sns.amazonaws.com", "SourceArn": "%{Source.Arn}" }
AWS::SQS::Queue
到AWS::Lambda::Function
-
策略类型
客户管理型策略附加在
AWS::Lambda::Function
角色上。访问类别
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "sqs:DeleteMessage" ], "Resource": [ "%{Source.Arn}" ] } ] }
Read
{ "Statement": [ { "Effect": "Allow", "Action": [ "sqs:ReceiveMessage", "sqs:GetQueueAttributes" ], "Resource": [ "%{Source.Arn}" ] } ] }
AWS::S3::Bucket
到AWS::Lambda::Function
-
策略类型
AWS::Lambda::Permission
附加在AWS::Lambda::Function
上。访问类别
Write
{ "Action": "lambda:InvokeFunction", "Principal": "s3.amazonaws.com", "SourceArn": "%{Source.Arn}", "SourceAccount": "${AWS::AccountId}" }
AWS::StepFunctions::StateMachine
到AWS::Lambda::Function
-
策略类型
客户管理型策略附加在
AWS::StepFunctions::StateMachine
角色上。访问类别
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "lambda:InvokeAsync", "lambda:InvokeFunction" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::StepFunctions::StateMachine
到AWS::SNS::Topic
-
策略类型
客户管理型策略附加在
AWS::StepFunctions::StateMachine
角色上。访问类别
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::StepFunctions::StateMachine
到AWS::SQS::Queue
-
策略类型
客户管理型策略附加在
AWS::StepFunctions::StateMachine
角色上。访问类别
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "sqs:SendMessage" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::StepFunctions::StateMachine
到AWS::S3::Bucket
-
策略类型
客户管理型策略附加在
AWS::StepFunctions::StateMachine
角色上。访问类别
Read
{ "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectLegalHold", "s3:GetObjectRetention", "s3:GetObjectTorrent", "s3:GetObjectVersion", "s3:GetObjectVersionAcl", "s3:GetObjectVersionForReplication", "s3:GetObjectVersionTorrent", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:ListBucketVersions", "s3:ListMultipartUploadParts" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/*" ] } ] }
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "s3:AbortMultipartUpload", "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:RestoreObject" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/*" ] } ] }
AWS::StepFunctions::StateMachine
到AWS::DynamoDB::Table
-
策略类型
客户管理型策略附加在
AWS::StepFunctions::StateMachine
角色上。访问类别
Read
{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:BatchGetItem", "dynamodb:ConditionCheckItem", "dynamodb:PartiQLSelect" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/index/*" ] } ] }
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem", "dynamodb:PartiQLDelete", "dynamodb:PartiQLInsert", "dynamodb:PartiQLUpdate" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/index/*" ] } ] }
AWS::StepFunctions::StateMachine
到AWS::StepFunctions::StateMachine
-
策略类型
客户管理型策略附加在
AWS::StepFunctions::StateMachine
角色上。访问类别
Read
{ "Statement": [ { "Effect": "Allow", "Action": [ "states:DescribeExecution" ], "Resource": [ "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*" ] }, { "Effect": "Allow", "Action": [ "events:DescribeRule" ], "Resource": [ "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" ] } ] }
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "states:StartExecution" ], "Resource": [ "%{Destination.Arn}" ] }, { "Effect": "Allow", "Action": [ "states:StopExecution" ], "Resource": [ "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*" ] }, { "Effect": "Allow", "Action": [ "events:PutTargets", "events:PutRule" ], "Resource": [ "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" ] } ] }
AWS::StepFunctions::StateMachine
到AWS::Events::EventBus
-
策略类型
客户管理型策略附加在
AWS::StepFunctions::StateMachine
角色上。访问类别
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "events:PutEvents" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::AppSync::DataSource
到AWS::DynamoDB::Table
-
策略类型
客户管理型策略附加在
AWS::AppSync::DataSource
角色上。访问类别
Read
{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:BatchGetItem", "dynamodb:ConditionCheckItem", "dynamodb:PartiQLSelect" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/index/*" ] } ] }
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem", "dynamodb:PartiQLDelete", "dynamodb:PartiQLInsert", "dynamodb:PartiQLUpdate" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/index/*" ] } ] }
AWS::AppSync::DataSource
到AWS::Lambda::Function
-
策略类型
客户管理型策略附加在
AWS::AppSync::DataSource
角色上。访问类别
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "lambda:InvokeAsync", "lambda:InvokeFunction" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}:*" ] } ] }
AWS::AppSync::DataSource
到AWS::Events::EventBus
-
策略类型
客户管理型策略附加在
AWS::AppSync::DataSource
角色上。访问类别
Write
{ "Statement": [ { "Effect": "Allow", "Action": [ "events:PutEvents" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::AppSync::GraphQLApi
到AWS::Lambda::Function
-
策略类型
AWS::Lambda::Permission
附加在AWS::Lambda::Function
上。访问类别
Write
{ "Action": "lambda:InvokeFunction", "Principal": "appsync.amazonaws.com", "SourceArn": "arn:${AWS::Partition}:appsync:${AWS::Region}:${AWS::AccountId}:apis/%{Source.ResourceId}" }