From 3471bf3b74c20088e67cf2ee39b8aef404530b70 Mon Sep 17 00:00:00 2001 From: Florian Motlik Date: Thu, 4 Aug 2016 17:03:29 +0200 Subject: [PATCH] Add JSON/YAML examples --- docs/guide/custom-provider-resources.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/guide/custom-provider-resources.md b/docs/guide/custom-provider-resources.md index bb9636c59..06d47fdb0 100644 --- a/docs/guide/custom-provider-resources.md +++ b/docs/guide/custom-provider-resources.md @@ -117,7 +117,7 @@ The corresponding resources which are defined inside the `cloudformation-resourc into the `Resources` section. ## Adding custom IAM role statements -If you want to give permission to your functions to access certain resources on your AWS account, you can add custom IAM role statements to your service by adding the statements in the `iamRoleStatements` array in the `provider` object. As those statements will be merged into the CloudFormation template you can use Join, Ref or any other CloudFormation method or feature. Here's an example: +If you want to give permission to your functions to access certain resources on your AWS account, you can add custom IAM role statements to your service by adding the statements in the `iamRoleStatements` array in the `provider` object. As those statements will be merged into the CloudFormation template you can use Join, Ref or any other CloudFormation method or feature. You're also able to either use YAML for defining the statement (including the methods) or use embedded JSON if you prefer it. Here's an example that uses all of the above: ```yml # serverless.yml @@ -130,6 +130,14 @@ provider: Action: - "s3:ListBucket" Resource: { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "ServerlessDeploymentBucket"} ] ] } + - Effect: "Allow" + Action: + - "s3:PutObject" + Resource: + Fn::Join: + - "" + - - "arn:aws:s3:::" + - "Ref" : "ServerlessDeploymentBucket" ``` On deployment, all these statements will be added to the IAM role that is assumed by your lambda functions.