Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.
# AWS SAM riferimento del connettore
Questa sezione contiene informazioni di riferimento per il tipo di risorsa del connettore AWS Serverless Application Model (AWS SAM). Per un'introduzione ai connettori, vedere[Gestione delle autorizzazioni delle risorse con i connettori AWS SAM](managing-permissions-connectors.md).
## Tipi di risorse di origine e destinazione supportati per i connettori
Il tipo di `AWS::Serverless::Connector` risorsa supporta un numero selezionato di connessioni tra le risorse di origine e di destinazione. Quando configurate i connettori nel AWS SAM modello, utilizzate la tabella seguente per fare riferimento alle connessioni supportate e alle proprietà che devono essere definite per ogni tipo di risorsa di origine e destinazione. Per ulteriori informazioni sulla configurazione dei connettori nel modello, vedere. [AWS::Serverless::Connector](sam-resource-connector.md)
Sia per le risorse di origine che per quelle di destinazione, se definite all'interno dello stesso modello, utilizzate la `Id` proprietà. Facoltativamente, `Qualifier` è possibile aggiungere un per restringere l'ambito della risorsa definita. Se la risorsa non si trova all'interno dello stesso modello, utilizzate una combinazione di proprietà supportate.
Per richiedere nuove connessioni, [invia un nuovo problema](https://github.com/aws/serverless-application-model/issues/new?assignees=&labels=area%2Fconnectors,stage%2Fneeds-triage&template=other.md&title=%28New%20Connector%20Profile%29) al *serverless-application-model AWS GitHubrepository*.
| Source type (Tipo di origine) | Tipo di destinazione | Permissions | Proprietà della fonte | Proprietà di destinazione |
| --- | --- | --- | --- | --- |
| `AWS::ApiGateway::RestApi` | `AWS::Lambda::Function` | `Write` | `Id`oppure `Qualifier``ResourceId`, e `Type` | `Id`o `Arn` e `Type` |
| `AWS::ApiGateway::RestApi` | `AWS::Serverless::Function` | `Write` | `Id`oppure `Qualifier``ResourceId`, e `Type` | `Id`o `Arn` e `Type` |
| `AWS::ApiGatewayV2::Api` | `AWS::Lambda::Function` | `Write` | `Id`oppure `Qualifier``ResourceId`, e `Type` | `Id`o `Arn` e `Type` |
| `AWS::ApiGatewayV2::Api` | `AWS::Serverless::Function` | `Write` | `Id`oppure `Qualifier``ResourceId`, e `Type` | `Id`o `Arn` e `Type` |
| `AWS::AppSync::DataSource` | `AWS::DynamoDB::Table` | `Read` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::AppSync::DataSource` | `AWS::DynamoDB::Table` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::AppSync::DataSource` | `AWS::Events::EventBus` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::AppSync::DataSource` | `AWS::Lambda::Function` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::AppSync::DataSource` | `AWS::Serverless::Function` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::AppSync::DataSource` | `AWS::Serverless::SimpleTable` | `Read` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::AppSync::DataSource` | `AWS::Serverless::SimpleTable` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::AppSync::GraphQLApi` | `AWS::Lambda::Function` | `Write` | `Id`o `ResourceId` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::AppSync::GraphQLApi` | `AWS::Serverless::Function` | `Write` | `Id`o `ResourceId` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::DynamoDB::Table` | `AWS::Lambda::Function` | `Read` | `Id`o `Arn` e `Type` | `Id`o `RoleName` e `Type` |
| `AWS::DynamoDB::Table` | `AWS::Serverless::Function` | `Read` | `Id`o `Arn` e `Type` | `Id`o `RoleName` e `Type` |
| `AWS::Events::Rule` | `AWS::Events::EventBus` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Events::Rule` | `AWS::Lambda::Function` | `Write` | `Id`o `Arn` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Events::Rule` | `AWS::Serverless::Function` | `Write` | `Id`o `Arn` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Events::Rule` | `AWS::Serverless::StateMachine` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Events::Rule` | `AWS::SNS::Topic` | `Write` | `Id`o `Arn` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Events::Rule` | `AWS::SQS::Queue` | `Write` | `Id`o `Arn` e `Type` | `Id`oppure `Arn``QueueUrl`, e `Type` |
| `AWS::Events::Rule` | `AWS::StepFunctions::StateMachine` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Lambda::Function` | `AWS::DynamoDB::Table` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Lambda::Function` | `AWS::Events::EventBus` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Lambda::Function` | `AWS::Lambda::Function` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Lambda::Function` | `AWS::Location::PlaceIndex` | `Read` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Lambda::Function` | `AWS::S3::Bucket` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Lambda::Function` | `AWS::Serverless::Function` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Lambda::Function` | `AWS::Serverless::SimpleTable` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Lambda::Function` | `AWS::Serverless::StateMachine` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`oppure `Arn``Name`, e `Type` |
| `AWS::Lambda::Function` | `AWS::SNS::Topic` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Lambda::Function` | `AWS::SQS::Queue` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Lambda::Function` | `AWS::StepFunctions::StateMachine` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`oppure `Arn``Name`, e `Type` |
| `AWS::S3::Bucket` | `AWS::Lambda::Function` | `Write` | `Id`o `Arn` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::S3::Bucket` | `AWS::Serverless::Function` | `Write` | `Id`o `Arn` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::Api` | `AWS::Lambda::Function` | `Write` | `Id`oppure `Qualifier``ResourceId`, e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::Api` | `AWS::Serverless::Function` | `Write` | `Id`oppure `Qualifier``ResourceId`, e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::Function` | `AWS::DynamoDB::Table` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::Function` | `AWS::Events::EventBus` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::Function` | `AWS::Lambda::Function` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::Function` | `AWS::S3::Bucket` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::Function` | `AWS::Serverless::Function` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::Function` | `AWS::Serverless::SimpleTable` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::Function` | `AWS::Serverless::StateMachine` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`oppure `Arn``Name`, e `Type` |
| `AWS::Serverless::Function` | `AWS::SNS::Topic` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::Function` | `AWS::SQS::Queue` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::Function` | `AWS::StepFunctions::StateMachine` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`oppure `Arn``Name`, e `Type` |
| `AWS::Serverless::HttpApi` | `AWS::Lambda::Function` | `Write` | `Id`oppure `Qualifier``ResourceId`, e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::HttpApi` | `AWS::Serverless::Function` | `Write` | `Id`oppure `Qualifier``ResourceId`, e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::SimpleTable` | `AWS::Lambda::Function` | `Read` | `Id`o `Arn` e `Type` | `Id`o `RoleName` e `Type` |
| `AWS::Serverless::SimpleTable` | `AWS::Serverless::Function` | `Read` | `Id`o `Arn` e `Type` | `Id`o `RoleName` e `Type` |
| `AWS::Serverless::StateMachine` | `AWS::DynamoDB::Table` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::StateMachine` | `AWS::Events::EventBus` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::StateMachine` | `AWS::Lambda::Function` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::StateMachine` | `AWS::S3::Bucket` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::StateMachine` | `AWS::Serverless::Function` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::StateMachine` | `AWS::Serverless::SimpleTable` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::StateMachine` | `AWS::Serverless::StateMachine` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`oppure `Arn``Name`, e `Type` |
| `AWS::Serverless::StateMachine` | `AWS::SNS::Topic` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::StateMachine` | `AWS::SQS::Queue` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::Serverless::StateMachine` | `AWS::StepFunctions::StateMachine` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`oppure `Arn``Name`, e `Type` |
| `AWS::SNS::Topic` | `AWS::Lambda::Function` | `Write` | `Id`o `Arn` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::SNS::Topic` | `AWS::Serverless::Function` | `Write` | `Id`o `Arn` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::SNS::Topic` | `AWS::SQS::Queue` | `Write` | `Id`o `Arn` e `Type` | `Id`oppure `Arn``QueueUrl`, e `Type` |
| `AWS::SQS::Queue` | `AWS::Lambda::Function` | `Read`, `Write` | `Id`o `Arn` e `Type` | `Id`o `RoleName` e `Type` |
| `AWS::SQS::Queue` | `AWS::Serverless::Function` | `Read`, `Write` | `Id`o `Arn` e `Type` | `Id`o `RoleName` e `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::DynamoDB::Table` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::Events::EventBus` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::Lambda::Function` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::S3::Bucket` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::Serverless::Function` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::Serverless::SimpleTable` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::Serverless::StateMachine` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`oppure `Arn``Name`, e `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::SNS::Topic` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::SQS::Queue` | `Write` | `Id`o `RoleName` e `Type` | `Id`o `Arn` e `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::StepFunctions::StateMachine` | `Read`, `Write` | `Id`o `RoleName` e `Type` | `Id`oppure `Arn``Name`, e `Type` |
## Politiche IAM create dai connettori
Questa sezione documenta le politiche AWS Identity and Access Management (IAM) create da AWS SAM quando si utilizzano i connettori.
`AWS::DynamoDB::Table` Da a `AWS::Lambda::Function`
**Tipo di policy**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::Lambda::Function` ruolo.
**Categorie di accesso**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:DescribeStream",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:ListStreams"
],
"Resource": [
"%{Source.Arn}/stream/*"
]
}
]
}
```
`AWS::Events::Rule` Da a `AWS::SNS::Topic`
**Tipo di politica**
[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-topicpolicy.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-topicpolicy.html)allegato al`AWS::SNS::Topic`.
**Categorie di accesso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Resource": "%{Destination.Arn}",
"Action": "sns:Publish",
"Condition": {
"ArnEquals": {
"aws:SourceArn": "%{Source.Arn}"
}
}
}
]
}
```
`AWS::Events::Rule` Da a `AWS::Events::EventBus`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::Events::Rule` ruolo.
**Categorie di accesso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"events:PutEvents"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::Events::Rule` Da a `AWS::StepFunctions::StateMachine`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::Events::Rule` ruolo.
**Categorie di accesso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:StartExecution"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::Events::Rule` Da a `AWS::Lambda::Function`
**Tipo di politica**
`[AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html)`allegato al`AWS::Lambda::Function`.
**Categorie di accesso**
`Write`
```
{
"Action": "lambda:InvokeFunction",
"Principal": "events.amazonaws.com",
"SourceArn": "%{Source.Arn}"
}
```
`AWS::Events::Rule` Da a `AWS::SQS::Queue`
**Tipo di politica**
`[AWS::SQS::QueuePolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queuepolicy.html)`allegato al`AWS::SQS::Queue`.
**Categorie di accesso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Resource": "%{Destination.Arn}",
"Action": "sqs:SendMessage",
"Condition": {
"ArnEquals": {
"aws:SourceArn": "%{Source.Arn}"
}
}
}
]
}
```
`AWS::Lambda::Function` Da a `AWS::Lambda::Function`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::Lambda::Function` ruolo.
**Categorie di accesso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"lambda:InvokeAsync",
"lambda:InvokeFunction"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::Lambda::Function` Da a `AWS::S3::Bucket`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::Lambda::Function` ruolo.
**Categorie di accesso**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectLegalHold",
"s3:GetObjectRetention",
"s3:GetObjectTorrent",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionTorrent",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions",
"s3:ListMultipartUploadParts"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/*"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject",
"s3:PutObjectLegalHold",
"s3:PutObjectRetention",
"s3:RestoreObject"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/*"
]
}
]
}
```
`AWS::Lambda::Function` Da a `AWS::DynamoDB::Table`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::Lambda::Function` ruolo.
**Categorie di accesso**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:BatchGetItem",
"dynamodb:ConditionCheckItem",
"dynamodb:PartiQLSelect"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/index/*"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:BatchWriteItem",
"dynamodb:PartiQLDelete",
"dynamodb:PartiQLInsert",
"dynamodb:PartiQLUpdate"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/index/*"
]
}
]
}
```
`AWS::Lambda::Function` Da a `AWS::SQS::Queue`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::Lambda::Function` ruolo.
**Categorie di accesso**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sqs:ReceiveMessage",
"sqs:GetQueueAttributes"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sqs:DeleteMessage",
"sqs:SendMessage",
"sqs:ChangeMessageVisibility",
"sqs:PurgeQueue"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::Lambda::Function` Da a `AWS::SNS::Topic`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::Lambda::Function` ruolo.
**Categorie di accesso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sns:Publish"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::Lambda::Function` Da a `AWS::StepFunctions::StateMachine`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::Lambda::Function` ruolo.
**Categorie di accesso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:StartExecution",
"states:StartSyncExecution"
],
"Resource": [
"%{Destination.Arn}"
]
},
{
"Effect": "Allow",
"Action": [
"states:StopExecution"
],
"Resource": [
"arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*"
]
}
]
}
```
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:DescribeStateMachine",
"states:ListExecutions"
],
"Resource": [
"%{Destination.Arn}"
]
},
{
"Effect": "Allow",
"Action": [
"states:DescribeExecution",
"states:DescribeStateMachineForExecution",
"states:GetExecutionHistory"
],
"Resource": [
"arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*"
]
}
]
}
```
`AWS::Lambda::Function` Da a `AWS::Events::EventBus`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::Lambda::Function` ruolo.
**Categorie di accesso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"events:PutEvents"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::Lambda::Function` Da a `AWS::Location::PlaceIndex`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::Lambda::Function` ruolo.
**Categorie di accesso**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"geo:DescribePlaceIndex",
"geo:GetPlace",
"geo:SearchPlaceIndexForPosition",
"geo:SearchPlaceIndexForSuggestions",
"geo:SearchPlaceIndexForText"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::ApiGatewayV2::Api` Da a `AWS::Lambda::Function`
**Tipo di politica**
`[AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html)`allegato al`AWS::Lambda::Function`.
**Categorie di accesso**
`Write`
```
{
"Action": "lambda:InvokeFunction",
"Principal": "apigateway.amazonaws.com",
"SourceArn": "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:%{Source.ResourceId}/%{Source.Qualifier}"
}
```
`AWS::ApiGateway::RestApi` Da a `AWS::Lambda::Function`
**Tipo di politica**
`[AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html)`allegato al`AWS::Lambda::Function`.
**Categorie di accesso**
`Write`
```
{
"Action": "lambda:InvokeFunction",
"Principal": "apigateway.amazonaws.com",
"SourceArn": "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:%{Source.ResourceId}/%{Source.Qualifier}"
}
```
`AWS::SNS::Topic` Da a `AWS::SQS::Queue`
**Tipo di politica**
`[AWS::SQS::QueuePolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queuepolicy.html)`allegato al`AWS::SQS::Queue`.
**Categorie di accesso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "sns.amazonaws.com"
},
"Resource": "%{Destination.Arn}",
"Action": "sqs:SendMessage",
"Condition": {
"ArnEquals": {
"aws:SourceArn": "%{Source.Arn}"
}
}
}
]
}
```
`AWS::SNS::Topic` Da a `AWS::Lambda::Function`
**Tipo di politica**
`[AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html)`allegato al`AWS::Lambda::Function`.
**Categorie di accesso**
`Write`
```
{
"Action": "lambda:InvokeFunction",
"Principal": "sns.amazonaws.com",
"SourceArn": "%{Source.Arn}"
}
```
`AWS::SQS::Queue` Da a `AWS::Lambda::Function`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::Lambda::Function` ruolo.
**Categorie di accesso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sqs:DeleteMessage"
],
"Resource": [
"%{Source.Arn}"
]
}
]
}
```
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sqs:ReceiveMessage",
"sqs:GetQueueAttributes"
],
"Resource": [
"%{Source.Arn}"
]
}
]
}
```
`AWS::S3::Bucket` Da a `AWS::Lambda::Function`
**Tipo di politica**
`[AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html)`allegato al`AWS::Lambda::Function`.
**Categorie di accesso**
`Write`
```
{
"Action": "lambda:InvokeFunction",
"Principal": "s3.amazonaws.com",
"SourceArn": "%{Source.Arn}",
"SourceAccount": "${AWS::AccountId}"
}
```
`AWS::StepFunctions::StateMachine` Da a `AWS::Lambda::Function`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::StepFunctions::StateMachine` ruolo.
**Categorie di accesso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"lambda:InvokeAsync",
"lambda:InvokeFunction"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::StepFunctions::StateMachine` Da a `AWS::SNS::Topic`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::StepFunctions::StateMachine` ruolo.
**Categorie di accesso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sns:Publish"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::StepFunctions::StateMachine` Da a `AWS::SQS::Queue`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::StepFunctions::StateMachine` ruolo.
**Categorie di accesso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sqs:SendMessage"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::StepFunctions::StateMachine` Da a `AWS::S3::Bucket`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::StepFunctions::StateMachine` ruolo.
**Categorie di accesso**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectLegalHold",
"s3:GetObjectRetention",
"s3:GetObjectTorrent",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionTorrent",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions",
"s3:ListMultipartUploadParts"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/*"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject",
"s3:PutObjectLegalHold",
"s3:PutObjectRetention",
"s3:RestoreObject"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/*"
]
}
]
}
```
`AWS::StepFunctions::StateMachine` Da a `AWS::DynamoDB::Table`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::StepFunctions::StateMachine` ruolo.
**Categorie di accesso**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:BatchGetItem",
"dynamodb:ConditionCheckItem",
"dynamodb:PartiQLSelect"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/index/*"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:BatchWriteItem",
"dynamodb:PartiQLDelete",
"dynamodb:PartiQLInsert",
"dynamodb:PartiQLUpdate"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/index/*"
]
}
]
}
```
`AWS::StepFunctions::StateMachine` Da a `AWS::StepFunctions::StateMachine`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::StepFunctions::StateMachine` ruolo.
**Categorie di accesso**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:DescribeExecution"
],
"Resource": [
"arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*"
]
},
{
"Effect": "Allow",
"Action": [
"events:DescribeRule"
],
"Resource": [
"arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:StartExecution"
],
"Resource": [
"%{Destination.Arn}"
]
},
{
"Effect": "Allow",
"Action": [
"states:StopExecution"
],
"Resource": [
"arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*"
]
},
{
"Effect": "Allow",
"Action": [
"events:PutTargets",
"events:PutRule"
],
"Resource": [
"arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule"
]
}
]
}
```
`AWS::StepFunctions::StateMachine` Da a `AWS::Events::EventBus`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::StepFunctions::StateMachine` ruolo.
**Categorie di accesso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"events:PutEvents"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::AppSync::DataSource` Da a `AWS::DynamoDB::Table`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::AppSync::DataSource` ruolo.
**Categorie di accesso**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:BatchGetItem",
"dynamodb:ConditionCheckItem",
"dynamodb:PartiQLSelect"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/index/*"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:BatchWriteItem",
"dynamodb:PartiQLDelete",
"dynamodb:PartiQLInsert",
"dynamodb:PartiQLUpdate"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/index/*"
]
}
]
}
```
`AWS::AppSync::DataSource` Da a `AWS::Lambda::Function`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::AppSync::DataSource` ruolo.
**Categorie di accesso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"lambda:InvokeAsync",
"lambda:InvokeFunction"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}:*"
]
}
]
}
```
`AWS::AppSync::DataSource` Da a `AWS::Events::EventBus`
**Tipo di politica**
[Politica gestita dal cliente](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) allegata al `AWS::AppSync::DataSource` ruolo.
**Categorie di accesso**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"events:PutEvents"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::AppSync::GraphQLApi` Da a `AWS::Lambda::Function`
**Tipo di politica**
`[AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html)`allegato al`AWS::Lambda::Function`.
**Categorie di accesso**
`Write`
```
{
"Action": "lambda:InvokeFunction",
"Principal": "appsync.amazonaws.com",
"SourceArn": "arn:${AWS::Partition}:appsync:${AWS::Region}:${AWS::AccountId}:apis/%{Source.ResourceId}"
}
```