


# AWS SAM connector reference
<a name="reference-sam-connector"></a>

This section contains reference information for the AWS Serverless Application Model (AWS SAM) connector resource type. For an introduction to connectors, see [Managing resource permissions with AWS SAM connectors](managing-permissions-connectors.md).

## Supported source and destination resource types for connectors
<a name="supported-connector-resource-types"></a>

The `AWS::Serverless::Connector` resource type supports a select number of connections between source and destination resources. When configuring connectors in your AWS SAM template, use the following table to reference the supported connections and the properties that you need to define for each source and destination resource type. For more information about configuring connectors in your template, see [AWS::Serverless::Connector](sam-resource-connector.md).

For both source and destination resources, when they are defined within the same template, use the `Id` property. Optionally, a `Qualifier` can be added to narrow the scope of the resource you define. When the resource is not within the same template, use a combination of supported properties.

To request new connections, [submit a new issue](https://github.com/aws/serverless-application-model/issues/new?assignees=&labels=area%2Fconnectors,stage%2Fneeds-triage&template=other.md&title=%28New%20Connector%20Profile%29) at the *serverless-application-model AWS GitHub repository*.


| Source type | Destination type | Permissions | Source properties | Destination properties | 
| --- | --- | --- | --- | --- | 
| `AWS::ApiGateway::RestApi` | `AWS::Lambda::Function` | `Write` | `Id` or `Qualifier`, `ResourceId`, and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::ApiGateway::RestApi` | `AWS::Serverless::Function` | `Write` | `Id` or `Qualifier`, `ResourceId`, and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::ApiGatewayV2::Api` | `AWS::Lambda::Function` | `Write` | `Id` or `Qualifier`, `ResourceId`, and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::ApiGatewayV2::Api` | `AWS::Serverless::Function` | `Write` | `Id` or `Qualifier`, `ResourceId`, and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::AppSync::DataSource` | `AWS::DynamoDB::Table` | `Read` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::AppSync::DataSource` | `AWS::DynamoDB::Table` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::AppSync::DataSource` | `AWS::Events::EventBus` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::AppSync::DataSource` | `AWS::Lambda::Function` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::AppSync::DataSource` | `AWS::Serverless::Function` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::AppSync::DataSource` | `AWS::Serverless::SimpleTable` | `Read` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::AppSync::DataSource` | `AWS::Serverless::SimpleTable` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::AppSync::GraphQLApi` | `AWS::Lambda::Function` | `Write` | `Id` or `ResourceId` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::AppSync::GraphQLApi` | `AWS::Serverless::Function` | `Write` | `Id` or `ResourceId` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::DynamoDB::Table` | `AWS::Lambda::Function` | `Read` | `Id` or `Arn` and `Type` | `Id` or `RoleName` and `Type` | 
| `AWS::DynamoDB::Table` | `AWS::Serverless::Function` | `Read` | `Id` or `Arn` and `Type` | `Id` or `RoleName` and `Type` | 
| `AWS::Events::Rule` | `AWS::Events::EventBus` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Events::Rule` | `AWS::Lambda::Function` | `Write` | `Id` or `Arn` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Events::Rule` | `AWS::Serverless::Function` | `Write` | `Id` or `Arn` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Events::Rule` | `AWS::Serverless::StateMachine` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Events::Rule` | `AWS::SNS::Topic` | `Write` | `Id` or `Arn` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Events::Rule` | `AWS::SQS::Queue` | `Write` | `Id` or `Arn` and `Type` | `Id` or `Arn`, `QueueUrl`, and `Type` | 
| `AWS::Events::Rule` | `AWS::StepFunctions::StateMachine` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Lambda::Function` | `AWS::DynamoDB::Table` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Lambda::Function` | `AWS::Events::EventBus` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Lambda::Function` | `AWS::Lambda::Function` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Lambda::Function` | `AWS::Location::PlaceIndex` | `Read` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Lambda::Function` | `AWS::S3::Bucket` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Lambda::Function` | `AWS::Serverless::Function` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Lambda::Function` | `AWS::Serverless::SimpleTable` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Lambda::Function` | `AWS::Serverless::StateMachine` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn`, `Name`, and `Type` | 
| `AWS::Lambda::Function` | `AWS::SNS::Topic` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Lambda::Function` | `AWS::SQS::Queue` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Lambda::Function` | `AWS::StepFunctions::StateMachine` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn`, `Name`, and `Type` | 
| `AWS::S3::Bucket` | `AWS::Lambda::Function` | `Write` | `Id` or `Arn` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::S3::Bucket` | `AWS::Serverless::Function` | `Write` | `Id` or `Arn` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::Api` | `AWS::Lambda::Function` | `Write` | `Id` or `Qualifier`, `ResourceId`, and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::Api` | `AWS::Serverless::Function` | `Write` | `Id` or `Qualifier`, `ResourceId`, and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::Function` | `AWS::DynamoDB::Table` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::Function` | `AWS::Events::EventBus` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::Function` | `AWS::Lambda::Function` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::Function` | `AWS::S3::Bucket` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::Function` | `AWS::Serverless::Function` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::Function` | `AWS::Serverless::SimpleTable` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::Function` | `AWS::Serverless::StateMachine` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn`, `Name`, and `Type` | 
| `AWS::Serverless::Function` | `AWS::SNS::Topic` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::Function` | `AWS::SQS::Queue` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::Function` | `AWS::StepFunctions::StateMachine` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn`, `Name`, and `Type` | 
| `AWS::Serverless::HttpApi` | `AWS::Lambda::Function` | `Write` | `Id` or `Qualifier`, `ResourceId`, and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::HttpApi` | `AWS::Serverless::Function` | `Write` | `Id` or `Qualifier`, `ResourceId`, and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::SimpleTable` | `AWS::Lambda::Function` | `Read` | `Id` or `Arn` and `Type` | `Id` or `RoleName` and `Type` | 
| `AWS::Serverless::SimpleTable` | `AWS::Serverless::Function` | `Read` | `Id` or `Arn` and `Type` | `Id` or `RoleName` and `Type` | 
| `AWS::Serverless::StateMachine` | `AWS::DynamoDB::Table` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::StateMachine` | `AWS::Events::EventBus` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::StateMachine` | `AWS::Lambda::Function` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::StateMachine` | `AWS::S3::Bucket` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::StateMachine` | `AWS::Serverless::Function` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::StateMachine` | `AWS::Serverless::SimpleTable` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::StateMachine` | `AWS::Serverless::StateMachine` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn`, `Name`, and `Type` | 
| `AWS::Serverless::StateMachine` | `AWS::SNS::Topic` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::StateMachine` | `AWS::SQS::Queue` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::Serverless::StateMachine` | `AWS::StepFunctions::StateMachine` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn`, `Name`, and `Type` | 
| `AWS::SNS::Topic` | `AWS::Lambda::Function` | `Write` | `Id` or `Arn` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::SNS::Topic` | `AWS::Serverless::Function` | `Write` | `Id` or `Arn` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::SNS::Topic` | `AWS::SQS::Queue` | `Write` | `Id` or `Arn` and `Type` | `Id` or `Arn`, `QueueUrl`, and `Type` | 
| `AWS::SQS::Queue` | `AWS::Lambda::Function` | `Read`, `Write` | `Id` or `Arn` and `Type` | `Id` or `RoleName` and `Type` | 
| `AWS::SQS::Queue` | `AWS::Serverless::Function` | `Read`, `Write` | `Id` or `Arn` and `Type` | `Id` or `RoleName` and `Type` | 
| `AWS::StepFunctions::StateMachine` | `AWS::DynamoDB::Table` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::StepFunctions::StateMachine` | `AWS::Events::EventBus` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::StepFunctions::StateMachine` | `AWS::Lambda::Function` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::StepFunctions::StateMachine` | `AWS::S3::Bucket` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::StepFunctions::StateMachine` | `AWS::Serverless::Function` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::StepFunctions::StateMachine` | `AWS::Serverless::SimpleTable` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::StepFunctions::StateMachine` | `AWS::Serverless::StateMachine` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn`, `Name`, and `Type` | 
| `AWS::StepFunctions::StateMachine` | `AWS::SNS::Topic` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::StepFunctions::StateMachine` | `AWS::SQS::Queue` | `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn` and `Type` | 
| `AWS::StepFunctions::StateMachine` | `AWS::StepFunctions::StateMachine` | `Read`, `Write` | `Id` or `RoleName` and `Type` | `Id` or `Arn`, `Name`, and `Type` | 

## IAM policies created by connectors
<a name="reference-sam-connector-policies"></a>

This section documents the AWS Identity and Access Management (IAM) policies that AWS SAM creates when you use connectors.

`AWS::DynamoDB::Table` to `AWS::Lambda::Function`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::Lambda::Function` role.  
**Access categories**  
`Read`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "dynamodb:DescribeStream",
        "dynamodb:GetRecords",
        "dynamodb:GetShardIterator",
        "dynamodb:ListStreams"
      ],
      "Resource": [
        "%{Source.Arn}/stream/*"
      ]
    }
  ]
}
```

`AWS::Events::Rule` to `AWS::SNS::Topic`  
**Policy type**  
[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-topicpolicy.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-topicpolicy.html) attached to the `AWS::SNS::Topic`.  
**Access categories**  
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "events.amazonaws.com"
      },
      "Resource": "%{Destination.Arn}",
      "Action": "sns:Publish",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "%{Source.Arn}"
        }
      }
    }
  ]
}
```

`AWS::Events::Rule` to `AWS::Events::EventBus`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::Events::Rule` role.  
**Access categories**  
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "events:PutEvents"
      ],
      "Resource": [
        "%{Destination.Arn}"
      ]
    }
  ]
}
```

`AWS::Events::Rule` to `AWS::StepFunctions::StateMachine`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::Events::Rule` role.  
**Access categories**  
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "states:StartExecution"
      ],
      "Resource": [
        "%{Destination.Arn}"
      ]
    }
  ]
}
```

`AWS::Events::Rule` to `AWS::Lambda::Function`  
**Policy type**  
[`AWS::Lambda::Permission`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html) attached to the `AWS::Lambda::Function`.  
**Access categories**  
`Write`  

```
{
  "Action": "lambda:InvokeFunction",
  "Principal": "events.amazonaws.com",
  "SourceArn": "%{Source.Arn}"
}
```

`AWS::Events::Rule` to `AWS::SQS::Queue`  
**Policy type**  
[`AWS::SQS::QueuePolicy`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queuepolicy.html) attached to the `AWS::SQS::Queue`.  
**Access categories**  
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "events.amazonaws.com"
      },
      "Resource": "%{Destination.Arn}",
      "Action": "sqs:SendMessage",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "%{Source.Arn}"
        }
      }
    }
  ]
}
```

`AWS::Lambda::Function` to `AWS::Lambda::Function`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::Lambda::Function` role.  
**Access categories**  
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "lambda:InvokeAsync",
        "lambda:InvokeFunction"
      ],
      "Resource": [
        "%{Destination.Arn}"
      ]
    }
  ]
}
```

`AWS::Lambda::Function` to `AWS::S3::Bucket`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::Lambda::Function` role.  
**Access categories**  
`Read`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectLegalHold",
        "s3:GetObjectRetention",
        "s3:GetObjectTorrent",
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl",
        "s3:GetObjectVersionForReplication",
        "s3:GetObjectVersionTorrent",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:ListBucketVersions",
        "s3:ListMultipartUploadParts"
      ],
      "Resource": [
        "%{Destination.Arn}",
        "%{Destination.Arn}/*"
      ]
    }
  ]
}
```
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:PutObject",
        "s3:PutObjectLegalHold",
        "s3:PutObjectRetention",
        "s3:RestoreObject"
      ],
      "Resource": [
        "%{Destination.Arn}",
        "%{Destination.Arn}/*"
      ]
    }
  ]
}
```

`AWS::Lambda::Function` to `AWS::DynamoDB::Table`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::Lambda::Function` role.  
**Access categories**  
`Read`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:Query",
        "dynamodb:Scan",
        "dynamodb:BatchGetItem",
        "dynamodb:ConditionCheckItem",
        "dynamodb:PartiQLSelect"
      ],
      "Resource": [
        "%{Destination.Arn}",
        "%{Destination.Arn}/index/*"
      ]
    }
  ]
}
```
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "dynamodb:PutItem",
        "dynamodb:UpdateItem",
        "dynamodb:DeleteItem",
        "dynamodb:BatchWriteItem",
        "dynamodb:PartiQLDelete",
        "dynamodb:PartiQLInsert",
        "dynamodb:PartiQLUpdate"
      ],
      "Resource": [
        "%{Destination.Arn}",
        "%{Destination.Arn}/index/*"
      ]
    }
  ]
}
```

`AWS::Lambda::Function` to `AWS::SQS::Queue`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::Lambda::Function` role.  
**Access categories**  
`Read`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sqs:ReceiveMessage",
        "sqs:GetQueueAttributes"
      ],
      "Resource": [
        "%{Destination.Arn}"
      ]
    }
  ]
}
```
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sqs:DeleteMessage",
        "sqs:SendMessage",
        "sqs:ChangeMessageVisibility",
        "sqs:PurgeQueue"
      ],
      "Resource": [
        "%{Destination.Arn}"
      ]
    }
  ]
}
```

`AWS::Lambda::Function` to `AWS::SNS::Topic`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::Lambda::Function` role.  
**Access categories**  
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sns:Publish"
      ],
      "Resource": [
        "%{Destination.Arn}"
      ]
    }
  ]
}
```

`AWS::Lambda::Function` to `AWS::StepFunctions::StateMachine`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::Lambda::Function` role.  
**Access categories**  
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "states:StartExecution",
        "states:StartSyncExecution"
      ],
      "Resource": [
        "%{Destination.Arn}"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "states:StopExecution"
      ],
      "Resource": [
        "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*"
      ]
    }
  ]
}
```
`Read`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "states:DescribeStateMachine",
        "states:ListExecutions"
      ],
      "Resource": [
        "%{Destination.Arn}"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "states:DescribeExecution",
        "states:DescribeStateMachineForExecution",
        "states:GetExecutionHistory"
      ],
      "Resource": [
        "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*"
      ]
    }
  ]
}
```

`AWS::Lambda::Function` to `AWS::Events::EventBus`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::Lambda::Function` role.  
**Access categories**  
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "events:PutEvents"
      ],
      "Resource": [
        "%{Destination.Arn}"
      ]
    }
  ]
}
```

`AWS::Lambda::Function` to `AWS::Location::PlaceIndex`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::Lambda::Function` role.  
**Access categories**  
`Read`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "geo:DescribePlaceIndex",
        "geo:GetPlace",
        "geo:SearchPlaceIndexForPosition",
        "geo:SearchPlaceIndexForSuggestions",
        "geo:SearchPlaceIndexForText"
      ],
      "Resource": [
        "%{Destination.Arn}"
      ]
    }
  ]
}
```

`AWS::ApiGatewayV2::Api` to `AWS::Lambda::Function`  
**Policy type**  
[`AWS::Lambda::Permission`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html) attached to the `AWS::Lambda::Function`.  
**Access categories**  
`Write`  

```
{
  "Action": "lambda:InvokeFunction",
  "Principal": "apigateway.amazonaws.com",
  "SourceArn": "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:%{Source.ResourceId}/%{Source.Qualifier}"
}
```

`AWS::ApiGateway::RestApi` to `AWS::Lambda::Function`  
**Policy type**  
[`AWS::Lambda::Permission`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html) attached to the `AWS::Lambda::Function`.  
**Access categories**  
`Write`  

```
{
  "Action": "lambda:InvokeFunction",
  "Principal": "apigateway.amazonaws.com",
  "SourceArn": "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:%{Source.ResourceId}/%{Source.Qualifier}"
}
```

`AWS::SNS::Topic` to `AWS::SQS::Queue`  
**Policy type**  
[`AWS::SQS::QueuePolicy`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queuepolicy.html) attached to the `AWS::SQS::Queue`.  
**Access categories**  
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "sns.amazonaws.com"
      },
      "Resource": "%{Destination.Arn}",
      "Action": "sqs:SendMessage",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "%{Source.Arn}"
        }
      }
    }
  ]
}
```

`AWS::SNS::Topic` to `AWS::Lambda::Function`  
**Policy type**  
[`AWS::Lambda::Permission`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html) attached to the `AWS::Lambda::Function`.  
**Access categories**  
`Write`  

```
{
  "Action": "lambda:InvokeFunction",
  "Principal": "sns.amazonaws.com",
  "SourceArn": "%{Source.Arn}"
}
```

`AWS::SQS::Queue` to `AWS::Lambda::Function`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::Lambda::Function` role.  
**Access categories**  
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sqs:DeleteMessage"
      ],
      "Resource": [
        "%{Source.Arn}"
      ]
    }
  ]
}
```
`Read`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sqs:ReceiveMessage",
        "sqs:GetQueueAttributes"
      ],
      "Resource": [
        "%{Source.Arn}"
      ]
    }
  ]
}
```

`AWS::S3::Bucket` to `AWS::Lambda::Function`  
**Policy type**  
[`AWS::Lambda::Permission`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html) attached to the `AWS::Lambda::Function`.  
**Access categories**  
`Write`  

```
{
  "Action": "lambda:InvokeFunction",
  "Principal": "s3.amazonaws.com",
  "SourceArn": "%{Source.Arn}",
  "SourceAccount": "${AWS::AccountId}"
}
```

`AWS::StepFunctions::StateMachine` to `AWS::Lambda::Function`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::StepFunctions::StateMachine` role.  
**Access categories**  
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "lambda:InvokeAsync",
        "lambda:InvokeFunction"
      ],
      "Resource": [
        "%{Destination.Arn}"
      ]
    }
  ]
}
```

`AWS::StepFunctions::StateMachine` to `AWS::SNS::Topic`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::StepFunctions::StateMachine` role.  
**Access categories**  
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sns:Publish"
      ],
      "Resource": [
        "%{Destination.Arn}"
      ]
    }
  ]
}
```

`AWS::StepFunctions::StateMachine` to `AWS::SQS::Queue`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::StepFunctions::StateMachine` role.  
**Access categories**  
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sqs:SendMessage"
      ],
      "Resource": [
        "%{Destination.Arn}"
      ]
    }
  ]
}
```

`AWS::StepFunctions::StateMachine` to `AWS::S3::Bucket`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::StepFunctions::StateMachine` role.  
**Access categories**  
`Read`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectLegalHold",
        "s3:GetObjectRetention",
        "s3:GetObjectTorrent",
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl",
        "s3:GetObjectVersionForReplication",
        "s3:GetObjectVersionTorrent",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:ListBucketVersions",
        "s3:ListMultipartUploadParts"
      ],
      "Resource": [
        "%{Destination.Arn}",
        "%{Destination.Arn}/*"
      ]
    }
  ]
}
```
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:PutObject",
        "s3:PutObjectLegalHold",
        "s3:PutObjectRetention",
        "s3:RestoreObject"
      ],
      "Resource": [
        "%{Destination.Arn}",
        "%{Destination.Arn}/*"
      ]
    }
  ]
}
```

`AWS::StepFunctions::StateMachine` to `AWS::DynamoDB::Table`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::StepFunctions::StateMachine` role.  
**Access categories**  
`Read`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:Query",
        "dynamodb:Scan",
        "dynamodb:BatchGetItem",
        "dynamodb:ConditionCheckItem",
        "dynamodb:PartiQLSelect"
      ],
      "Resource": [
        "%{Destination.Arn}",
        "%{Destination.Arn}/index/*"
      ]
    }
  ]
}
```
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "dynamodb:PutItem",
        "dynamodb:UpdateItem",
        "dynamodb:DeleteItem",
        "dynamodb:BatchWriteItem",
        "dynamodb:PartiQLDelete",
        "dynamodb:PartiQLInsert",
        "dynamodb:PartiQLUpdate"
      ],
      "Resource": [
        "%{Destination.Arn}",
        "%{Destination.Arn}/index/*"
      ]
    }
  ]
}
```

`AWS::StepFunctions::StateMachine` to `AWS::StepFunctions::StateMachine`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::StepFunctions::StateMachine` role.  
**Access categories**  
`Read`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "states:DescribeExecution"
      ],
      "Resource": [
        "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "events:DescribeRule"
      ],
      "Resource": [
        "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule"
      ]
    }
  ]
}
```
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "states:StartExecution"
      ],
      "Resource": [
        "%{Destination.Arn}"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "states:StopExecution"
      ],
      "Resource": [
        "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "events:PutTargets",
        "events:PutRule"
      ],
      "Resource": [
        "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule"
      ]
    }
  ]
}
```

`AWS::StepFunctions::StateMachine` to `AWS::Events::EventBus`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::StepFunctions::StateMachine` role.  
**Access categories**  
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "events:PutEvents"
      ],
      "Resource": [
        "%{Destination.Arn}"
      ]
    }
  ]
}
```

`AWS::AppSync::DataSource` to `AWS::DynamoDB::Table`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::AppSync::DataSource` role.  
**Access categories**  
`Read`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:Query",
        "dynamodb:Scan",
        "dynamodb:BatchGetItem",
        "dynamodb:ConditionCheckItem",
        "dynamodb:PartiQLSelect"
      ],
      "Resource": [
        "%{Destination.Arn}",
        "%{Destination.Arn}/index/*"
      ]
    }
  ]
}
```
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "dynamodb:PutItem",
        "dynamodb:UpdateItem",
        "dynamodb:DeleteItem",
        "dynamodb:BatchWriteItem",
        "dynamodb:PartiQLDelete",
        "dynamodb:PartiQLInsert",
        "dynamodb:PartiQLUpdate"
      ],
      "Resource": [
        "%{Destination.Arn}",
        "%{Destination.Arn}/index/*"
      ]
    }
  ]
}
```

`AWS::AppSync::DataSource` to `AWS::Lambda::Function`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::AppSync::DataSource` role.  
**Access categories**  
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "lambda:InvokeAsync",
        "lambda:InvokeFunction"
      ],
      "Resource": [
        "%{Destination.Arn}",
        "%{Destination.Arn}:*"
      ]
    }
  ]
}
```

`AWS::AppSync::DataSource` to `AWS::Events::EventBus`  
**Policy type**  
[Customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) attached to the `AWS::AppSync::DataSource` role.  
**Access categories**  
`Write`  

```
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "events:PutEvents"
      ],
      "Resource": [
        "%{Destination.Arn}"
      ]
    }
  ]
}
```

`AWS::AppSync::GraphQLApi` to `AWS::Lambda::Function`  
**Policy type**  
[`AWS::Lambda::Permission`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html) attached to the `AWS::Lambda::Function`.  
**Access categories**  
`Write`  

```
{
  "Action": "lambda:InvokeFunction",
  "Principal": "appsync.amazonaws.com",
  "SourceArn": "arn:${AWS::Partition}:appsync:${AWS::Region}:${AWS::AccountId}:apis/%{Source.ResourceId}"
}
```
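
To review what a connector would grant before it is deployed, the following added example (not AWS SAM code and not part of the original page) fills the `%{Destination.Arn}` placeholder in three of the profiles documented above, rejects permission categories the table does not list for a source/destination pair, and reports granted actions that delete or discard data. The `REVIEW_ACTIONS` set, the function names and the ARNs are assumptions made for illustration; the two categories are shown as statements of one document only for review convenience.

```python
"""Preview the IAM statements a connector grants, from profiles copied off this page."""
import json

DEST = "%{Destination.Arn}"  # placeholder syntax used by the profiles on this page

# Subset of the documented profiles: (source type, destination type) -> category -> template.
PROFILES = {
    ("AWS::Lambda::Function", "AWS::SQS::Queue"): {
        "Read": {
            "Action": ["sqs:ReceiveMessage", "sqs:GetQueueAttributes"],
            "Resource": [DEST],
        },
        "Write": {
            "Action": ["sqs:DeleteMessage", "sqs:SendMessage",
                       "sqs:ChangeMessageVisibility", "sqs:PurgeQueue"],
            "Resource": [DEST],
        },
    },
    ("AWS::Lambda::Function", "AWS::DynamoDB::Table"): {
        "Read": {
            "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan",
                       "dynamodb:BatchGetItem", "dynamodb:ConditionCheckItem",
                       "dynamodb:PartiQLSelect"],
            "Resource": [DEST, DEST + "/index/*"],
        },
        "Write": {
            "Action": ["dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem",
                       "dynamodb:BatchWriteItem", "dynamodb:PartiQLDelete",
                       "dynamodb:PartiQLInsert", "dynamodb:PartiQLUpdate"],
            "Resource": [DEST, DEST + "/index/*"],
        },
    },
    ("AWS::Lambda::Function", "AWS::SNS::Topic"): {
        "Write": {"Action": ["sns:Publish"], "Resource": [DEST]},
    },
}

# Assumption: a reviewer-chosen list of actions that remove or discard data.
# It is not defined by AWS SAM or by this page.
REVIEW_ACTIONS = {
    "sqs:PurgeQueue", "sqs:DeleteMessage",
    "dynamodb:DeleteItem", "dynamodb:BatchWriteItem", "dynamodb:PartiQLDelete",
}


def render_policy(source_type, dest_type, permissions, dest_arn):
    """Return the statements granted for the requested categories, placeholder filled in."""
    profile = PROFILES.get((source_type, dest_type))
    if profile is None:
        raise ValueError(f"no profile embedded for {source_type} -> {dest_type}")
    unsupported = [p for p in permissions if p not in profile]
    if unsupported:
        raise ValueError(
            f"{source_type} -> {dest_type} does not support: {', '.join(unsupported)}"
        )
    statements = []
    for category in permissions:
        template = profile[category]
        statements.append({
            "Effect": "Allow",
            "Action": list(template["Action"]),
            "Resource": [r.replace(DEST, dest_arn) for r in template["Resource"]],
        })
    return {"Statement": statements}


def flagged_actions(policy):
    """Return the sorted granted actions that appear in REVIEW_ACTIONS."""
    granted = {a for stmt in policy["Statement"] for a in stmt["Action"]}
    return sorted(granted & REVIEW_ACTIONS)


if __name__ == "__main__":
    # Constructed ARN for illustration only.
    queue_arn = "arn:aws:sqs:us-east-1:123456789012:orders-queue"
    for perms in (["Read"], ["Read", "Write"]):
        policy = render_policy("AWS::Lambda::Function", "AWS::SQS::Queue", perms, queue_arn)
        print(perms, "->", flagged_actions(policy) or "nothing flagged")
        print(json.dumps(policy, indent=2))
```

A function that only consumes from a queue or only reads a table can request `Read` alone; adding `Write` is what brings in actions such as `sqs:PurgeQueue` and `dynamodb:DeleteItem`.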