Amazon SAM 连接器参考 - Amazon Serverless Application Model
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

Amazon SAM 连接器参考

本节包含Amazon Serverless Application Model (Amazon SAM) 连接器资源类型的参考信息。有关连接器的简介,请参阅使用 Amazon SAM 连接器管理资源权限

连接器支持的源资源和目的地资源类型

AWS::Serverless::Connector 资源类型支持源资源资源和目的地资源之间一定数量的连接。在 Amazon SAM 模板中配置连接器时,请使用下表来参考支持的连接以及需要为每种源资源和目的地资源类型定义的属性。有关在模板中配置连接器的更多信息,请参阅AWS::Serverless::Connector

对于源资源和目标资源,如果在同一个模板中定义,则使用 Id 属性。或者,可以添加 Qualifier 以缩小您定义的资源范围。当资源不在同一个模板中时,请使用受支持属性的组合。

要请求新连接,请在无服务器应用程序模型 Amazon GitHub 存储库提交新问题

源类型 目的地类型 权限 源属性 目的地属性

AWS::ApiGateway::RestApi

AWS::Lambda::Function

Write

IdQualifierResourceIdType

IdArnType

AWS::ApiGateway::RestApi

AWS::Serverless::Function

Write

IdQualifierResourceIdType

IdArnType

AWS::ApiGatewayV2::Api

AWS::Lambda::Function

Write

IdQualifierResourceIdType

IdArnType

AWS::ApiGatewayV2::Api

AWS::Serverless::Function

Write

IdQualifierResourceIdType

IdArnType

AWS::AppSync::DataSource

AWS::DynamoDB::Table

Read

IdRoleNameType

IdArnType

AWS::AppSync::DataSource

AWS::DynamoDB::Table

Write

IdRoleNameType

IdArnType

AWS::AppSync::DataSource

AWS::Events::EventBus

Write

IdRoleNameType

IdArnType

AWS::AppSync::DataSource

AWS::Lambda::Function

Write

IdRoleNameType

IdArnType

AWS::AppSync::DataSource

AWS::Serverless::Function

Write

IdRoleNameType

IdArnType

AWS::AppSync::DataSource

AWS::Serverless::SimpleTable

Read

IdRoleNameType

IdArnType

AWS::AppSync::DataSource

AWS::Serverless::SimpleTable

Write

IdRoleNameType

IdArnType

AWS::AppSync::GraphQLApi

AWS::Lambda::Function

Write

IdResourceIdType

IdArnType

AWS::AppSync::GraphQLApi

AWS::Serverless::Function

Write

IdResourceIdType

IdArnType

AWS::DynamoDB::Table

AWS::Lambda::Function

Read

IdArnType

IdRoleNameType

AWS::DynamoDB::Table

AWS::Serverless::Function

Read

IdArnType

IdRoleNameType

AWS::Events::Rule

AWS::Events::EventBus

Write

IdRoleNameType

IdArnType

AWS::Events::Rule

AWS::Lambda::Function

Write

IdArnType

IdArnType

AWS::Events::Rule

AWS::Serverless::Function

Write

IdArnType

IdArnType

AWS::Events::Rule

AWS::Serverless::StateMachine

Write

IdRoleNameType

IdArnType

AWS::Events::Rule

AWS::SNS::Topic

Write

IdArnType

IdArnType

AWS::Events::Rule

AWS::SQS::Queue

Write

IdArnType

IdArnQueueUrlType

AWS::Events::Rule

AWS::StepFunctions::StateMachine

Write

IdRoleNameType

IdArnType

AWS::Lambda::Function

AWS::DynamoDB::Table

Read, Write

IdRoleNameType

IdArnType

AWS::Lambda::Function

AWS::Events::EventBus

Write

IdRoleNameType

IdArnType

AWS::Lambda::Function

AWS::Lambda::Function

Write

IdRoleNameType

IdArnType

AWS::Lambda::Function

AWS::Location::PlaceIndex

Read

IdRoleNameType

IdArnType

AWS::Lambda::Function

AWS::S3::Bucket

Read, Write

IdRoleNameType

IdArnType

AWS::Lambda::Function

AWS::Serverless::Function

Write

IdRoleNameType

IdArnType

AWS::Lambda::Function

AWS::Serverless::SimpleTable

Read, Write

IdRoleNameType

IdArnType

AWS::Lambda::Function

AWS::Serverless::StateMachine

Read, Write

IdRoleNameType

IdArnNameType

AWS::Lambda::Function

AWS::SNS::Topic

Write

IdRoleNameType

IdArnType

AWS::Lambda::Function

AWS::SQS::Queue

Read, Write

IdRoleNameType

IdArnType

AWS::Lambda::Function

AWS::StepFunctions::StateMachine

Read, Write

IdRoleNameType

IdArnNameType

AWS::S3::Bucket

AWS::Lambda::Function

Write

IdArnType

IdArnType

AWS::S3::Bucket

AWS::Serverless::Function

Write

IdArnType

IdArnType

AWS::Serverless::Api

AWS::Lambda::Function

Write

IdQualifierResourceIdType

IdArnType

AWS::Serverless::Api

AWS::Serverless::Function

Write

IdQualifierResourceIdType

IdArnType

AWS::Serverless::Function

AWS::DynamoDB::Table

Read, Write

IdRoleNameType

IdArnType

AWS::Serverless::Function

AWS::Events::EventBus

Write

IdRoleNameType

IdArnType

AWS::Serverless::Function

AWS::Lambda::Function

Write

IdRoleNameType

IdArnType

AWS::Serverless::Function

AWS::S3::Bucket

Read, Write

IdRoleNameType

IdArnType

AWS::Serverless::Function

AWS::Serverless::Function

Write

IdRoleNameType

IdArnType

AWS::Serverless::Function

AWS::Serverless::SimpleTable

Read, Write

IdRoleNameType

IdArnType

AWS::Serverless::Function

AWS::Serverless::StateMachine

Read, Write

IdRoleNameType

IdArnNameType

AWS::Serverless::Function

AWS::SNS::Topic

Write

IdRoleNameType

IdArnType

AWS::Serverless::Function

AWS::SQS::Queue

Read, Write

IdRoleNameType

IdArnType

AWS::Serverless::Function

AWS::StepFunctions::StateMachine

Read, Write

IdRoleNameType

IdArnNameType

AWS::Serverless::HttpApi

AWS::Lambda::Function

Write

IdQualifierResourceIdType

IdArnType

AWS::Serverless::HttpApi

AWS::Serverless::Function

Write

IdQualifierResourceIdType

IdArnType

AWS::Serverless::SimpleTable

AWS::Lambda::Function

Read

IdArnType

IdRoleNameType

AWS::Serverless::SimpleTable

AWS::Serverless::Function

Read

IdArnType

IdRoleNameType

AWS::Serverless::StateMachine

AWS::DynamoDB::Table

Read, Write

IdRoleNameType

IdArnType

AWS::Serverless::StateMachine

AWS::Events::EventBus

Write

IdRoleNameType

IdArnType

AWS::Serverless::StateMachine

AWS::Lambda::Function

Write

IdRoleNameType

IdArnType

AWS::Serverless::StateMachine

AWS::S3::Bucket

Read, Write

IdRoleNameType

IdArnType

AWS::Serverless::StateMachine

AWS::Serverless::Function

Write

IdRoleNameType

IdArnType

AWS::Serverless::StateMachine

AWS::Serverless::SimpleTable

Read, Write

IdRoleNameType

IdArnType

AWS::Serverless::StateMachine

AWS::Serverless::StateMachine

Read, Write

IdRoleNameType

IdArnNameType

AWS::Serverless::StateMachine

AWS::SNS::Topic

Write

IdRoleNameType

IdArnType

AWS::Serverless::StateMachine

AWS::SQS::Queue

Write

IdRoleNameType

IdArnType

AWS::Serverless::StateMachine

AWS::StepFunctions::StateMachine

Read, Write

IdRoleNameType

IdArnNameType

AWS::SNS::Topic

AWS::Lambda::Function

Write

IdArnType

IdArnType

AWS::SNS::Topic

AWS::Serverless::Function

Write

IdArnType

IdArnType

AWS::SNS::Topic

AWS::SQS::Queue

Write

IdArnType

IdArnQueueUrlType

AWS::SQS::Queue

AWS::Lambda::Function

Read, Write

IdArnType

IdRoleNameType

AWS::SQS::Queue

AWS::Serverless::Function

Read, Write

IdArnType

IdRoleNameType

AWS::StepFunctions::StateMachine

AWS::DynamoDB::Table

Read, Write

IdRoleNameType

IdArnType

AWS::StepFunctions::StateMachine

AWS::Events::EventBus

Write

IdRoleNameType

IdArnType

AWS::StepFunctions::StateMachine

AWS::Lambda::Function

Write

IdRoleNameType

IdArnType

AWS::StepFunctions::StateMachine

AWS::S3::Bucket

Read, Write

IdRoleNameType

IdArnType

AWS::StepFunctions::StateMachine

AWS::Serverless::Function

Write

IdRoleNameType

IdArnType

AWS::StepFunctions::StateMachine

AWS::Serverless::SimpleTable

Read, Write

IdRoleNameType

IdArnType

AWS::StepFunctions::StateMachine

AWS::Serverless::StateMachine

Read, Write

IdRoleNameType

IdArnNameType

AWS::StepFunctions::StateMachine

AWS::SNS::Topic

Write

IdRoleNameType

IdArnType

AWS::StepFunctions::StateMachine

AWS::SQS::Queue

Write

IdRoleNameType

IdArnType

AWS::StepFunctions::StateMachine

AWS::StepFunctions::StateMachine

Read, Write

IdRoleNameType

IdArnNameType

连接器创建的 IAM 策略

本节记录了使用连接器时 Amazon SAM 创建的 Amazon Identity and Access Management(IAM)策略。

AWS::DynamoDB::TableAWS::Lambda::Function

策略类型

客户管理型策略附加在 AWS::Lambda::Function 角色上。

访问类别

Read

{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:DescribeStream", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:ListStreams" ], "Resource": [ "%{Source.Arn}/stream/*" ] } ] }
AWS::Events::RuleAWS::SNS::Topic

策略类型

AWS::SNS::TopicPolicy 附加在 AWS::SNS::Topic 上。

访问类别

Write

{ "Statement": [ { "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" }, "Resource": "%{Destination.Arn}", "Action": "sns:Publish", "Condition": { "ArnEquals": { "aws:SourceArn": "%{Source.Arn}" } } } ] }
AWS::Events::RuleAWS::Events::EventBus

策略类型

客户管理型策略附加在 AWS::Events::Rule 角色上。

访问类别

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "events:PutEvents" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::Events::RuleAWS::StepFunctions::StateMachine

策略类型

客户管理型策略附加在 AWS::Events::Rule 角色上。

访问类别

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "states:StartExecution" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::Events::RuleAWS::Lambda::Function

策略类型

AWS::Lambda::Permission 附加在 AWS::Lambda::Function 上。

访问类别

Write

{ "Action": "lambda:InvokeFunction", "Principal": "events.amazonaws.com", "SourceArn": "%{Source.Arn}" }
AWS::Events::RuleAWS::SQS::Queue

策略类型

AWS::SQS::QueuePolicy 附加在 AWS::SQS::Queue 上。

访问类别

Write

{ "Statement": [ { "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" }, "Resource": "%{Destination.Arn}", "Action": "sqs:SendMessage", "Condition": { "ArnEquals": { "aws:SourceArn": "%{Source.Arn}" } } } ] }
AWS::Lambda::FunctionAWS::Lambda::Function

策略类型

客户管理型策略附加在 AWS::Lambda::Function 角色上。

访问类别

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "lambda:InvokeAsync", "lambda:InvokeFunction" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::Lambda::FunctionAWS::S3::Bucket

策略类型

客户管理型策略附加在 AWS::Lambda::Function 角色上。

访问类别

Read

{ "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectLegalHold", "s3:GetObjectRetention", "s3:GetObjectTorrent", "s3:GetObjectVersion", "s3:GetObjectVersionAcl", "s3:GetObjectVersionForReplication", "s3:GetObjectVersionTorrent", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:ListBucketVersions", "s3:ListMultipartUploadParts" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/*" ] } ] }

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "s3:AbortMultipartUpload", "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:RestoreObject" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/*" ] } ] }
AWS::Lambda::FunctionAWS::DynamoDB::Table

策略类型

客户管理型策略附加在 AWS::Lambda::Function 角色上。

访问类别

Read

{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:BatchGetItem", "dynamodb:ConditionCheckItem", "dynamodb:PartiQLSelect" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/index/*" ] } ] }

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem", "dynamodb:PartiQLDelete", "dynamodb:PartiQLInsert", "dynamodb:PartiQLUpdate" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/index/*" ] } ] }
AWS::Lambda::FunctionAWS::SQS::Queue

策略类型

客户管理型策略附加在 AWS::Lambda::Function 角色上。

访问类别

Read

{ "Statement": [ { "Effect": "Allow", "Action": [ "sqs:ReceiveMessage", "sqs:GetQueueAttributes" ], "Resource": [ "%{Destination.Arn}" ] } ] }

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "sqs:DeleteMessage", "sqs:SendMessage", "sqs:ChangeMessageVisibility", "sqs:PurgeQueue" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::Lambda::FunctionAWS::SNS::Topic

策略类型

客户管理型策略附加在 AWS::Lambda::Function 角色上。

访问类别

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::Lambda::FunctionAWS::StepFunctions::StateMachine

策略类型

客户管理型策略附加在 AWS::Lambda::Function 角色上。

访问类别

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "states:StartExecution", "states:StartSyncExecution" ], "Resource": [ "%{Destination.Arn}" ] }, { "Effect": "Allow", "Action": [ "states:StopExecution" ], "Resource": [ "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*" ] } ] }

Read

{ "Statement": [ { "Effect": "Allow", "Action": [ "states:DescribeStateMachine", "states:ListExecutions" ], "Resource": [ "%{Destination.Arn}" ] }, { "Effect": "Allow", "Action": [ "states:DescribeExecution", "states:DescribeStateMachineForExecution", "states:GetExecutionHistory" ], "Resource": [ "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*" ] } ] }
AWS::Lambda::FunctionAWS::Events::EventBus

策略类型

客户管理型策略附加在 AWS::Lambda::Function 角色上。

访问类别

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "events:PutEvents" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::Lambda::FunctionAWS::Location::PlaceIndex

策略类型

客户管理型策略附加在 AWS::Lambda::Function 角色上。

访问类别

Read

{ "Statement": [ { "Effect": "Allow", "Action": [ "geo:DescribePlaceIndex", "geo:GetPlace", "geo:SearchPlaceIndexForPosition", "geo:SearchPlaceIndexForSuggestions", "geo:SearchPlaceIndexForText" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::ApiGatewayV2::ApiAWS::Lambda::Function

策略类型

AWS::Lambda::Permission 附加在 AWS::Lambda::Function 上。

访问类别

Write

{ "Action": "lambda:InvokeFunction", "Principal": "apigateway.amazonaws.com", "SourceArn": "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:%{Source.ResourceId}/%{Source.Qualifier}" }
AWS::ApiGateway::RestApiAWS::Lambda::Function

策略类型

AWS::Lambda::Permission 附加在 AWS::Lambda::Function 上。

访问类别

Write

{ "Action": "lambda:InvokeFunction", "Principal": "apigateway.amazonaws.com", "SourceArn": "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:%{Source.ResourceId}/%{Source.Qualifier}" }
AWS::SNS::TopicAWS::SQS::Queue

策略类型

AWS::SQS::QueuePolicy 附加在 AWS::SQS::Queue 上。

访问类别

Write

{ "Statement": [ { "Effect": "Allow", "Principal": { "Service": "sns.amazonaws.com" }, "Resource": "%{Destination.Arn}", "Action": "sqs:SendMessage", "Condition": { "ArnEquals": { "aws:SourceArn": "%{Source.Arn}" } } } ] }
AWS::SNS::TopicAWS::Lambda::Function

策略类型

AWS::Lambda::Permission 附加在 AWS::Lambda::Function 上。

访问类别

Write

{ "Action": "lambda:InvokeFunction", "Principal": "sns.amazonaws.com", "SourceArn": "%{Source.Arn}" }
AWS::SQS::QueueAWS::Lambda::Function

策略类型

客户管理型策略附加在 AWS::Lambda::Function 角色上。

访问类别

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "sqs:DeleteMessage" ], "Resource": [ "%{Source.Arn}" ] } ] }

Read

{ "Statement": [ { "Effect": "Allow", "Action": [ "sqs:ReceiveMessage", "sqs:GetQueueAttributes" ], "Resource": [ "%{Source.Arn}" ] } ] }
AWS::S3::BucketAWS::Lambda::Function

策略类型

AWS::Lambda::Permission 附加在 AWS::Lambda::Function 上。

访问类别

Write

{ "Action": "lambda:InvokeFunction", "Principal": "s3.amazonaws.com", "SourceArn": "%{Source.Arn}", "SourceAccount": "${AWS::AccountId}" }
AWS::StepFunctions::StateMachineAWS::Lambda::Function

策略类型

客户管理型策略附加在 AWS::StepFunctions::StateMachine 角色上。

访问类别

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "lambda:InvokeAsync", "lambda:InvokeFunction" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::StepFunctions::StateMachineAWS::SNS::Topic

策略类型

客户管理型策略附加在 AWS::StepFunctions::StateMachine 角色上。

访问类别

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::StepFunctions::StateMachineAWS::SQS::Queue

策略类型

客户管理型策略附加在 AWS::StepFunctions::StateMachine 角色上。

访问类别

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "sqs:SendMessage" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::StepFunctions::StateMachineAWS::S3::Bucket

策略类型

客户管理型策略附加在 AWS::StepFunctions::StateMachine 角色上。

访问类别

Read

{ "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectLegalHold", "s3:GetObjectRetention", "s3:GetObjectTorrent", "s3:GetObjectVersion", "s3:GetObjectVersionAcl", "s3:GetObjectVersionForReplication", "s3:GetObjectVersionTorrent", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:ListBucketVersions", "s3:ListMultipartUploadParts" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/*" ] } ] }

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "s3:AbortMultipartUpload", "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:RestoreObject" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/*" ] } ] }
AWS::StepFunctions::StateMachineAWS::DynamoDB::Table

策略类型

客户管理型策略附加在 AWS::StepFunctions::StateMachine 角色上。

访问类别

Read

{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:BatchGetItem", "dynamodb:ConditionCheckItem", "dynamodb:PartiQLSelect" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/index/*" ] } ] }

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem", "dynamodb:PartiQLDelete", "dynamodb:PartiQLInsert", "dynamodb:PartiQLUpdate" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/index/*" ] } ] }
AWS::StepFunctions::StateMachineAWS::StepFunctions::StateMachine

策略类型

客户管理型策略附加在 AWS::StepFunctions::StateMachine 角色上。

访问类别

Read

{ "Statement": [ { "Effect": "Allow", "Action": [ "states:DescribeExecution" ], "Resource": [ "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*" ] }, { "Effect": "Allow", "Action": [ "events:DescribeRule" ], "Resource": [ "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" ] } ] }

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "states:StartExecution" ], "Resource": [ "%{Destination.Arn}" ] }, { "Effect": "Allow", "Action": [ "states:StopExecution" ], "Resource": [ "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*" ] }, { "Effect": "Allow", "Action": [ "events:PutTargets", "events:PutRule" ], "Resource": [ "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" ] } ] }
AWS::StepFunctions::StateMachineAWS::Events::EventBus

策略类型

客户管理型策略附加在 AWS::StepFunctions::StateMachine 角色上。

访问类别

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "events:PutEvents" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::AppSync::DataSourceAWS::DynamoDB::Table

策略类型

客户管理型策略附加在 AWS::AppSync::DataSource 角色上。

访问类别

Read

{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:BatchGetItem", "dynamodb:ConditionCheckItem", "dynamodb:PartiQLSelect" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/index/*" ] } ] }

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem", "dynamodb:PartiQLDelete", "dynamodb:PartiQLInsert", "dynamodb:PartiQLUpdate" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/index/*" ] } ] }
AWS::AppSync::DataSourceAWS::Lambda::Function

策略类型

客户管理型策略附加在 AWS::AppSync::DataSource 角色上。

访问类别

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "lambda:InvokeAsync", "lambda:InvokeFunction" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}:*" ] } ] }
AWS::AppSync::DataSourceAWS::Events::EventBus

策略类型

客户管理型策略附加在 AWS::AppSync::DataSource 角色上。

访问类别

Write

{ "Statement": [ { "Effect": "Allow", "Action": [ "events:PutEvents" ], "Resource": [ "%{Destination.Arn}" ] } ] }
AWS::AppSync::GraphQLApiAWS::Lambda::Function

策略类型

AWS::Lambda::Permission 附加在 AWS::Lambda::Function 上。

访问类别

Write

{ "Action": "lambda:InvokeFunction", "Principal": "appsync.amazonaws.com", "SourceArn": "arn:${AWS::Partition}:appsync:${AWS::Region}:${AWS::AccountId}:apis/%{Source.ResourceId}" }