Using reference in settings.yml policy fails

jorgebastida / gordon

λ Gordon is a tool to create, wire and deploy AWS Lambdas using CloudFormation

Other

2.05k stars 137 forks source link

Using reference in settings.yml policy fails #55

Open oseibonsu opened 8 years ago

oseibonsu commented 8 years ago

Using a reference parameter in the following manner results in Template format error: Unresolved resource dependencies [arn] in the Resources block of the template

lambdas:
  get:
    code: get
    handler: code.handler
    runtime: nodejs4.3
    policies:
      example_bucket_policy:
        Version: "2012-10-17"
        Statement:
          -
            Action:
              - "dynamodb:GetItem"
            Resource: ref://arn
            Effect: "Allow"

There references in defined in the parameter directory in a file call dev.yml


---
secret: secret
table: metaTags-dev
arn: arn:aws:dynamodb:us-east-1:123456789:table/metaTags-dev

timcosta commented 8 years ago

@oseibonsu might want to edit your secret out of that.

mario-harper-volusion commented 8 years ago

tjbaker commented 8 years ago

I ran into a similar issue when trying to use jinja2 syntax within a policy map.

ie.

                -
                    Action:
                        - "lambda:InvokeFunction"
                    Resource: "arn:aws:lambda:{{ region }}:{{ account }}:elblogs"
                    Effect: "Allow"

The variable is not expanded and cloudformation fails attempting to create the role.

stephanebruckert commented 7 years ago

@oseibonsu your resource is not specified correctly. You want:

 Resource: "arn:aws:dynamodb:*:*:*"

Example: https://github.com/jorgebastida/gordon/blob/master/examples/dynamodb/exampleapp/settings.yml