Las traducciones son generadas a través de traducción automática. En caso de conflicto entre la traducción y la version original de inglés, prevalecerá la version en inglés.
# AWS SAM referencia de conector
Esta sección contiene información de referencia para el tipo de recurso del conector AWS Serverless Application Model (AWS SAM). Para obtener una introducción a los conectores, consulte [Administrar los permisos de recursos con AWS SAM conectores](managing-permissions-connectors.md).
## Tipos de recursos de origen y destino admitidos para los conectores
El tipo de recurso `AWS::Serverless::Connector` admite un número determinado de conexiones entre los recursos de origen y destino. Al configurar los conectores en la AWS SAM plantilla, utilice la siguiente tabla para hacer referencia a las conexiones compatibles y a las propiedades que deben definirse para cada tipo de recurso de origen y destino. Para obtener más información sobre cómo configurar conectores en la plantilla, consulte [AWS::Serverless::Connector](sam-resource-connector.md).
Para los recursos de origen y destino, cuando se definan en la misma plantilla, utilice la propiedad `Id`. Si lo desea, puedes añadirse un `Qualifier` para reducir el alcance del recurso definido. Cuando el recurso no esté dentro de la misma plantilla, utiliza una combinación de propiedades admitidas.
Para solicitar nuevas conexiones, [envíe una nueva edición](https://github.com/aws/serverless-application-model/issues/new?assignees=&labels=area%2Fconnectors,stage%2Fneeds-triage&template=other.md&title=%28New%20Connector%20Profile%29) al *serverless-application-model AWS GitHubrepositorio*.
| Tipo de origen | Tipo de destino | Permisos | Propiedades de origen | Propiedades de destino |
| --- | --- | --- | --- | --- |
| `AWS::ApiGateway::RestApi` | `AWS::Lambda::Function` | `Write` | `Id` o `Qualifier`, `ResourceId` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::ApiGateway::RestApi` | `AWS::Serverless::Function` | `Write` | `Id` o `Qualifier`, `ResourceId` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::ApiGatewayV2::Api` | `AWS::Lambda::Function` | `Write` | `Id` o `Qualifier`, `ResourceId` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::ApiGatewayV2::Api` | `AWS::Serverless::Function` | `Write` | `Id` o `Qualifier`, `ResourceId` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::AppSync::DataSource` | `AWS::DynamoDB::Table` | `Read` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::AppSync::DataSource` | `AWS::DynamoDB::Table` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::AppSync::DataSource` | `AWS::Events::EventBus` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::AppSync::DataSource` | `AWS::Lambda::Function` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::AppSync::DataSource` | `AWS::Serverless::Function` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::AppSync::DataSource` | `AWS::Serverless::SimpleTable` | `Read` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::AppSync::DataSource` | `AWS::Serverless::SimpleTable` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::AppSync::GraphQLApi` | `AWS::Lambda::Function` | `Write` | `Id` o `ResourceId` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::AppSync::GraphQLApi` | `AWS::Serverless::Function` | `Write` | `Id` o `ResourceId` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::DynamoDB::Table` | `AWS::Lambda::Function` | `Read` | `Id` o `Arn` y `Type` | `Id` o `RoleName` y `Type` |
| `AWS::DynamoDB::Table` | `AWS::Serverless::Function` | `Read` | `Id` o `Arn` y `Type` | `Id` o `RoleName` y `Type` |
| `AWS::Events::Rule` | `AWS::Events::EventBus` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Events::Rule` | `AWS::Lambda::Function` | `Write` | `Id` o `Arn` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Events::Rule` | `AWS::Serverless::Function` | `Write` | `Id` o `Arn` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Events::Rule` | `AWS::Serverless::StateMachine` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Events::Rule` | `AWS::SNS::Topic` | `Write` | `Id` o `Arn` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Events::Rule` | `AWS::SQS::Queue` | `Write` | `Id` o `Arn` y `Type` | `Id` o `Arn`, `QueueUrl` y `Type` |
| `AWS::Events::Rule` | `AWS::StepFunctions::StateMachine` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Lambda::Function` | `AWS::DynamoDB::Table` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Lambda::Function` | `AWS::Events::EventBus` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Lambda::Function` | `AWS::Lambda::Function` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Lambda::Function` | `AWS::Location::PlaceIndex` | `Read` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Lambda::Function` | `AWS::S3::Bucket` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Lambda::Function` | `AWS::Serverless::Function` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Lambda::Function` | `AWS::Serverless::SimpleTable` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Lambda::Function` | `AWS::Serverless::StateMachine` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn`, `Name` y `Type` |
| `AWS::Lambda::Function` | `AWS::SNS::Topic` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Lambda::Function` | `AWS::SQS::Queue` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Lambda::Function` | `AWS::StepFunctions::StateMachine` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn`, `Name` y `Type` |
| `AWS::S3::Bucket` | `AWS::Lambda::Function` | `Write` | `Id` o `Arn` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::S3::Bucket` | `AWS::Serverless::Function` | `Write` | `Id` o `Arn` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::Api` | `AWS::Lambda::Function` | `Write` | `Id` o `Qualifier`, `ResourceId` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::Api` | `AWS::Serverless::Function` | `Write` | `Id` o `Qualifier`, `ResourceId` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::Function` | `AWS::DynamoDB::Table` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::Function` | `AWS::Events::EventBus` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::Function` | `AWS::Lambda::Function` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::Function` | `AWS::S3::Bucket` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::Function` | `AWS::Serverless::Function` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::Function` | `AWS::Serverless::SimpleTable` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::Function` | `AWS::Serverless::StateMachine` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn`, `Name` y `Type` |
| `AWS::Serverless::Function` | `AWS::SNS::Topic` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::Function` | `AWS::SQS::Queue` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::Function` | `AWS::StepFunctions::StateMachine` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn`, `Name` y `Type` |
| `AWS::Serverless::HttpApi` | `AWS::Lambda::Function` | `Write` | `Id` o `Qualifier`, `ResourceId` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::HttpApi` | `AWS::Serverless::Function` | `Write` | `Id` o `Qualifier`, `ResourceId` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::SimpleTable` | `AWS::Lambda::Function` | `Read` | `Id` o `Arn` y `Type` | `Id` o `RoleName` y `Type` |
| `AWS::Serverless::SimpleTable` | `AWS::Serverless::Function` | `Read` | `Id` o `Arn` y `Type` | `Id` o `RoleName` y `Type` |
| `AWS::Serverless::StateMachine` | `AWS::DynamoDB::Table` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::StateMachine` | `AWS::Events::EventBus` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::StateMachine` | `AWS::Lambda::Function` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::StateMachine` | `AWS::S3::Bucket` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::StateMachine` | `AWS::Serverless::Function` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::StateMachine` | `AWS::Serverless::SimpleTable` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::StateMachine` | `AWS::Serverless::StateMachine` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn`, `Name` y `Type` |
| `AWS::Serverless::StateMachine` | `AWS::SNS::Topic` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::StateMachine` | `AWS::SQS::Queue` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::Serverless::StateMachine` | `AWS::StepFunctions::StateMachine` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn`, `Name` y `Type` |
| `AWS::SNS::Topic` | `AWS::Lambda::Function` | `Write` | `Id` o `Arn` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::SNS::Topic` | `AWS::Serverless::Function` | `Write` | `Id` o `Arn` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::SNS::Topic` | `AWS::SQS::Queue` | `Write` | `Id` o `Arn` y `Type` | `Id` o `Arn`, `QueueUrl` y `Type` |
| `AWS::SQS::Queue` | `AWS::Lambda::Function` | `Read`, `Write` | `Id` o `Arn` y `Type` | `Id` o `RoleName` y `Type` |
| `AWS::SQS::Queue` | `AWS::Serverless::Function` | `Read`, `Write` | `Id` o `Arn` y `Type` | `Id` o `RoleName` y `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::DynamoDB::Table` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::Events::EventBus` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::Lambda::Function` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::S3::Bucket` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::Serverless::Function` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::Serverless::SimpleTable` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::Serverless::StateMachine` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn`, `Name` y `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::SNS::Topic` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::SQS::Queue` | `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn` y `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::StepFunctions::StateMachine` | `Read`, `Write` | `Id` o `RoleName` y `Type` | `Id` o `Arn`, `Name` y `Type` |
## Políticas de IAM creadas por conectores
En esta sección se documentan las políticas AWS Identity and Access Management (de IAM) que se crean AWS SAM al utilizar los conectores.
De `AWS::DynamoDB::Table` a `AWS::Lambda::Function`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::Lambda::Function`.
**Categorías de acceso**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:DescribeStream",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:ListStreams"
],
"Resource": [
"%{Source.Arn}/stream/*"
]
}
]
}
```
De `AWS::Events::Rule` a `AWS::SNS::Topic`
**Tipo de política**
[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-topicpolicy.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-topicpolicy.html) asociada a la `AWS::SNS::Topic`.
**Categorías de acceso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Resource": "%{Destination.Arn}",
"Action": "sns:Publish",
"Condition": {
"ArnEquals": {
"aws:SourceArn": "%{Source.Arn}"
}
}
}
]
}
```
De `AWS::Events::Rule` a `AWS::Events::EventBus`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::Events::Rule`.
**Categorías de acceso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"events:PutEvents"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
De `AWS::Events::Rule` a `AWS::StepFunctions::StateMachine`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::Events::Rule`.
**Categorías de acceso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:StartExecution"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
De `AWS::Events::Rule` a `AWS::Lambda::Function`
**Tipo de política**
`[AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html)` asociada a la `AWS::Lambda::Function`.
**Categorías de acceso**
`Write`
```
{
"Action": "lambda:InvokeFunction",
"Principal": "events.amazonaws.com",
"SourceArn": "%{Source.Arn}"
}
```
De `AWS::Events::Rule` a `AWS::SQS::Queue`
**Tipo de política**
`[AWS::SQS::QueuePolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queuepolicy.html)` asociada a la `AWS::SQS::Queue`.
**Categorías de acceso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Resource": "%{Destination.Arn}",
"Action": "sqs:SendMessage",
"Condition": {
"ArnEquals": {
"aws:SourceArn": "%{Source.Arn}"
}
}
}
]
}
```
De `AWS::Lambda::Function` a `AWS::Lambda::Function`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::Lambda::Function`.
**Categorías de acceso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"lambda:InvokeAsync",
"lambda:InvokeFunction"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
De `AWS::Lambda::Function` a `AWS::S3::Bucket`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::Lambda::Function`.
**Categorías de acceso**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectLegalHold",
"s3:GetObjectRetention",
"s3:GetObjectTorrent",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionTorrent",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions",
"s3:ListMultipartUploadParts"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/*"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject",
"s3:PutObjectLegalHold",
"s3:PutObjectRetention",
"s3:RestoreObject"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/*"
]
}
]
}
```
De `AWS::Lambda::Function` a `AWS::DynamoDB::Table`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::Lambda::Function`.
**Categorías de acceso**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:BatchGetItem",
"dynamodb:ConditionCheckItem",
"dynamodb:PartiQLSelect"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/index/*"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:BatchWriteItem",
"dynamodb:PartiQLDelete",
"dynamodb:PartiQLInsert",
"dynamodb:PartiQLUpdate"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/index/*"
]
}
]
}
```
De `AWS::Lambda::Function` a `AWS::SQS::Queue`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::Lambda::Function`.
**Categorías de acceso**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sqs:ReceiveMessage",
"sqs:GetQueueAttributes"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sqs:DeleteMessage",
"sqs:SendMessage",
"sqs:ChangeMessageVisibility",
"sqs:PurgeQueue"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
De `AWS::Lambda::Function` a `AWS::SNS::Topic`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::Lambda::Function`.
**Categorías de acceso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sns:Publish"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
De `AWS::Lambda::Function` a `AWS::StepFunctions::StateMachine`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::Lambda::Function`.
**Categorías de acceso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:StartExecution",
"states:StartSyncExecution"
],
"Resource": [
"%{Destination.Arn}"
]
},
{
"Effect": "Allow",
"Action": [
"states:StopExecution"
],
"Resource": [
"arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*"
]
}
]
}
```
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:DescribeStateMachine",
"states:ListExecutions"
],
"Resource": [
"%{Destination.Arn}"
]
},
{
"Effect": "Allow",
"Action": [
"states:DescribeExecution",
"states:DescribeStateMachineForExecution",
"states:GetExecutionHistory"
],
"Resource": [
"arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*"
]
}
]
}
```
De `AWS::Lambda::Function` a `AWS::Events::EventBus`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::Lambda::Function`.
**Categorías de acceso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"events:PutEvents"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
De `AWS::Lambda::Function` a `AWS::Location::PlaceIndex`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::Lambda::Function`.
**Categorías de acceso**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"geo:DescribePlaceIndex",
"geo:GetPlace",
"geo:SearchPlaceIndexForPosition",
"geo:SearchPlaceIndexForSuggestions",
"geo:SearchPlaceIndexForText"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
De `AWS::ApiGatewayV2::Api` a `AWS::Lambda::Function`
**Tipo de política**
`[AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html)` asociada a la `AWS::Lambda::Function`.
**Categorías de acceso**
`Write`
```
{
"Action": "lambda:InvokeFunction",
"Principal": "apigateway.amazonaws.com",
"SourceArn": "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:%{Source.ResourceId}/%{Source.Qualifier}"
}
```
De `AWS::ApiGateway::RestApi` a `AWS::Lambda::Function`
**Tipo de política**
`[AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html)` asociada a la `AWS::Lambda::Function`.
**Categorías de acceso**
`Write`
```
{
"Action": "lambda:InvokeFunction",
"Principal": "apigateway.amazonaws.com",
"SourceArn": "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:%{Source.ResourceId}/%{Source.Qualifier}"
}
```
De `AWS::SNS::Topic` a `AWS::SQS::Queue`
**Tipo de política**
`[AWS::SQS::QueuePolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queuepolicy.html)` asociada a la `AWS::SQS::Queue`.
**Categorías de acceso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "sns.amazonaws.com"
},
"Resource": "%{Destination.Arn}",
"Action": "sqs:SendMessage",
"Condition": {
"ArnEquals": {
"aws:SourceArn": "%{Source.Arn}"
}
}
}
]
}
```
De `AWS::SNS::Topic` a `AWS::Lambda::Function`
**Tipo de política**
`[AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html)` asociada a la `AWS::Lambda::Function`.
**Categorías de acceso**
`Write`
```
{
"Action": "lambda:InvokeFunction",
"Principal": "sns.amazonaws.com",
"SourceArn": "%{Source.Arn}"
}
```
De `AWS::SQS::Queue` a `AWS::Lambda::Function`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::Lambda::Function`.
**Categorías de acceso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sqs:DeleteMessage"
],
"Resource": [
"%{Source.Arn}"
]
}
]
}
```
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sqs:ReceiveMessage",
"sqs:GetQueueAttributes"
],
"Resource": [
"%{Source.Arn}"
]
}
]
}
```
De `AWS::S3::Bucket` a `AWS::Lambda::Function`
**Tipo de política**
`[AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html)` asociada a la `AWS::Lambda::Function`.
**Categorías de acceso**
`Write`
```
{
"Action": "lambda:InvokeFunction",
"Principal": "s3.amazonaws.com",
"SourceArn": "%{Source.Arn}",
"SourceAccount": "${AWS::AccountId}"
}
```
De `AWS::StepFunctions::StateMachine` a `AWS::Lambda::Function`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::StepFunctions::StateMachine`.
**Categorías de acceso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"lambda:InvokeAsync",
"lambda:InvokeFunction"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
De `AWS::StepFunctions::StateMachine` a `AWS::SNS::Topic`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::StepFunctions::StateMachine`.
**Categorías de acceso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sns:Publish"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
De `AWS::StepFunctions::StateMachine` a `AWS::SQS::Queue`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::StepFunctions::StateMachine`.
**Categorías de acceso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sqs:SendMessage"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
De `AWS::StepFunctions::StateMachine` a `AWS::S3::Bucket`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::StepFunctions::StateMachine`.
**Categorías de acceso**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectLegalHold",
"s3:GetObjectRetention",
"s3:GetObjectTorrent",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionTorrent",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions",
"s3:ListMultipartUploadParts"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/*"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject",
"s3:PutObjectLegalHold",
"s3:PutObjectRetention",
"s3:RestoreObject"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/*"
]
}
]
}
```
De `AWS::StepFunctions::StateMachine` a `AWS::DynamoDB::Table`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::StepFunctions::StateMachine`.
**Categorías de acceso**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:BatchGetItem",
"dynamodb:ConditionCheckItem",
"dynamodb:PartiQLSelect"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/index/*"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:BatchWriteItem",
"dynamodb:PartiQLDelete",
"dynamodb:PartiQLInsert",
"dynamodb:PartiQLUpdate"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/index/*"
]
}
]
}
```
De `AWS::StepFunctions::StateMachine` a `AWS::StepFunctions::StateMachine`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::StepFunctions::StateMachine`.
**Categorías de acceso**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:DescribeExecution"
],
"Resource": [
"arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*"
]
},
{
"Effect": "Allow",
"Action": [
"events:DescribeRule"
],
"Resource": [
"arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:StartExecution"
],
"Resource": [
"%{Destination.Arn}"
]
},
{
"Effect": "Allow",
"Action": [
"states:StopExecution"
],
"Resource": [
"arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*"
]
},
{
"Effect": "Allow",
"Action": [
"events:PutTargets",
"events:PutRule"
],
"Resource": [
"arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule"
]
}
]
}
```
De `AWS::StepFunctions::StateMachine` a `AWS::Events::EventBus`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::StepFunctions::StateMachine`.
**Categorías de acceso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"events:PutEvents"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
De `AWS::AppSync::DataSource` a `AWS::DynamoDB::Table`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::AppSync::DataSource`.
**Categorías de acceso**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:BatchGetItem",
"dynamodb:ConditionCheckItem",
"dynamodb:PartiQLSelect"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/index/*"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:BatchWriteItem",
"dynamodb:PartiQLDelete",
"dynamodb:PartiQLInsert",
"dynamodb:PartiQLUpdate"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/index/*"
]
}
]
}
```
De `AWS::AppSync::DataSource` a `AWS::Lambda::Function`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::AppSync::DataSource`.
**Categorías de acceso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"lambda:InvokeAsync",
"lambda:InvokeFunction"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}:*"
]
}
]
}
```
De `AWS::AppSync::DataSource` a `AWS::Events::EventBus`
**Tipo de política**
[La política administrada por el cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) asociada al rol de `AWS::AppSync::DataSource`.
**Categorías de acceso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"events:PutEvents"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
De `AWS::AppSync::GraphQLApi` a `AWS::Lambda::Function`
**Tipo de política**
`[AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html)` asociada a la `AWS::Lambda::Function`.
**Categorías de acceso**
`Write`
```
{
"Action": "lambda:InvokeFunction",
"Principal": "appsync.amazonaws.com",
"SourceArn": "arn:${AWS::Partition}:appsync:${AWS::Region}:${AWS::AccountId}:apis/%{Source.ResourceId}"
}
```