本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
AWS SAM 連接器參考
本節包含 AWS Serverless Application Model (AWS SAM) 連接器資源類型的參考資訊。如需連接器的簡介,請參閱使用 AWS SAM 連接器管理資源權限。
連接器支援的來源和目標資源類型
資AWS::Serverless::Connector源類型支援來源和目標資源之間的選取連線數目。在 AWS SAM 範本中設定連接器時,請使用下表來參照支援的連線,以及需要針對每個來源和目標資源類型定義的內容。如需有關在範本中配置連接器的詳細資訊,請參閱AWS::Serverless::Connector。
對於來源和目標資源,在同一個範本中定義時,請使用Id屬性。或者,您Qualifier可以新增一個來縮小已定義資源的範圍。當資源不在同一個範本中時,請使用支援的屬性組合。
若要要求新的連線,請在serverless-application-model AWS GitHub儲存庫中提交新問題
| 來源類型 | 目的地類型 | 許可 | 來源屬性 | 目的地屬性 |
|---|---|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
連接器建立的 IAM 政策
本節說明使用連接器 AWS SAM 時建立的 AWS Identity and Access Management (IAM) 政策。
AWS::DynamoDB::Table設定為AWS::Lambda::Function-
策略類型
附加至
AWS::Lambda::Function角色的客戶管理政策。存取類別
Read{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:DescribeStream", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:ListStreams" ], "Resource": [ "%{Source.Arn}/stream/*" ] } ] } AWS::Events::Rule設定為AWS::SNS::Topic-
策略類型
AWS::SNS::TopicPolicy附加到AWS::SNS::Topic.存取類別
Write{ "Statement": [ { "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" }, "Resource": "%{Destination.Arn}", "Action": "sns:Publish", "Condition": { "ArnEquals": { "aws:SourceArn": "%{Source.Arn}" } } } ] } AWS::Events::Rule設定為AWS::Events::EventBus-
策略類型
附加至
AWS::Events::Rule角色的客戶管理政策。存取類別
Write{ "Statement": [ { "Effect": "Allow", "Action": [ "events:PutEvents" ], "Resource": [ "%{Destination.Arn}" ] } ] } AWS::Events::Rule設定為AWS::StepFunctions::StateMachine-
策略類型
附加至
AWS::Events::Rule角色的客戶管理政策。存取類別
Write{ "Statement": [ { "Effect": "Allow", "Action": [ "states:StartExecution" ], "Resource": [ "%{Destination.Arn}" ] } ] } AWS::Events::Rule設定為AWS::Lambda::Function-
策略類型
AWS::Lambda::Permission附加到AWS::Lambda::Function.存取類別
Write{ "Action": "lambda:InvokeFunction", "Principal": "events.amazonaws.com", "SourceArn": "%{Source.Arn}" } AWS::Events::Rule設定為AWS::SQS::Queue-
策略類型
AWS::SQS::QueuePolicy附加到AWS::SQS::Queue.存取類別
Write{ "Statement": [ { "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" }, "Resource": "%{Destination.Arn}", "Action": "sqs:SendMessage", "Condition": { "ArnEquals": { "aws:SourceArn": "%{Source.Arn}" } } } ] } AWS::Lambda::Function設定為AWS::Lambda::Function-
策略類型
附加至
AWS::Lambda::Function角色的客戶管理政策。存取類別
Write{ "Statement": [ { "Effect": "Allow", "Action": [ "lambda:InvokeAsync", "lambda:InvokeFunction" ], "Resource": [ "%{Destination.Arn}" ] } ] } AWS::Lambda::Function設定為AWS::S3::Bucket-
策略類型
附加至
AWS::Lambda::Function角色的客戶管理政策。存取類別
Read{ "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectLegalHold", "s3:GetObjectRetention", "s3:GetObjectTorrent", "s3:GetObjectVersion", "s3:GetObjectVersionAcl", "s3:GetObjectVersionForReplication", "s3:GetObjectVersionTorrent", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:ListBucketVersions", "s3:ListMultipartUploadParts" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/*" ] } ] }Write{ "Statement": [ { "Effect": "Allow", "Action": [ "s3:AbortMultipartUpload", "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:RestoreObject" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/*" ] } ] } AWS::Lambda::Function設定為AWS::DynamoDB::Table-
策略類型
附加至
AWS::Lambda::Function角色的客戶管理政策。存取類別
Read{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:BatchGetItem", "dynamodb:ConditionCheckItem", "dynamodb:PartiQLSelect" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/index/*" ] } ] }Write{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem", "dynamodb:PartiQLDelete", "dynamodb:PartiQLInsert", "dynamodb:PartiQLUpdate" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/index/*" ] } ] } AWS::Lambda::Function設定為AWS::SQS::Queue-
策略類型
附加至
AWS::Lambda::Function角色的客戶管理政策。存取類別
Read{ "Statement": [ { "Effect": "Allow", "Action": [ "sqs:ReceiveMessage", "sqs:GetQueueAttributes" ], "Resource": [ "%{Destination.Arn}" ] } ] }Write{ "Statement": [ { "Effect": "Allow", "Action": [ "sqs:DeleteMessage", "sqs:SendMessage", "sqs:ChangeMessageVisibility", "sqs:PurgeQueue" ], "Resource": [ "%{Destination.Arn}" ] } ] } AWS::Lambda::Function設定為AWS::SNS::Topic-
策略類型
附加至
AWS::Lambda::Function角色的客戶管理政策。存取類別
Write{ "Statement": [ { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": [ "%{Destination.Arn}" ] } ] } AWS::Lambda::Function設定為AWS::StepFunctions::StateMachine-
策略類型
附加至
AWS::Lambda::Function角色的客戶管理政策。存取類別
Write{ "Statement": [ { "Effect": "Allow", "Action": [ "states:StartExecution", "states:StartSyncExecution" ], "Resource": [ "%{Destination.Arn}" ] }, { "Effect": "Allow", "Action": [ "states:StopExecution" ], "Resource": [ "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*" ] } ] }Read{ "Statement": [ { "Effect": "Allow", "Action": [ "states:DescribeStateMachine", "states:ListExecutions" ], "Resource": [ "%{Destination.Arn}" ] }, { "Effect": "Allow", "Action": [ "states:DescribeExecution", "states:DescribeStateMachineForExecution", "states:GetExecutionHistory" ], "Resource": [ "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*" ] } ] } AWS::Lambda::Function設定為AWS::Events::EventBus-
策略類型
附加至
AWS::Lambda::Function角色的客戶管理政策。存取類別
Write{ "Statement": [ { "Effect": "Allow", "Action": [ "events:PutEvents" ], "Resource": [ "%{Destination.Arn}" ] } ] } AWS::Lambda::Function設定為AWS::Location::PlaceIndex-
策略類型
附加至
AWS::Lambda::Function角色的客戶管理政策。存取類別
Read{ "Statement": [ { "Effect": "Allow", "Action": [ "geo:DescribePlaceIndex", "geo:GetPlace", "geo:SearchPlaceIndexForPosition", "geo:SearchPlaceIndexForSuggestions", "geo:SearchPlaceIndexForText" ], "Resource": [ "%{Destination.Arn}" ] } ] } AWS::ApiGatewayV2::Api設定為AWS::Lambda::Function-
策略類型
AWS::Lambda::Permission附加到AWS::Lambda::Function.存取類別
Write{ "Action": "lambda:InvokeFunction", "Principal": "apigateway.amazonaws.com", "SourceArn": "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:%{Source.ResourceId}/%{Source.Qualifier}" } AWS::ApiGateway::RestApi設定為AWS::Lambda::Function-
策略類型
AWS::Lambda::Permission附加到AWS::Lambda::Function.存取類別
Write{ "Action": "lambda:InvokeFunction", "Principal": "apigateway.amazonaws.com", "SourceArn": "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:%{Source.ResourceId}/%{Source.Qualifier}" } AWS::SNS::Topic設定為AWS::SQS::Queue-
策略類型
AWS::SQS::QueuePolicy附加到AWS::SQS::Queue.存取類別
Write{ "Statement": [ { "Effect": "Allow", "Principal": { "Service": "sns.amazonaws.com" }, "Resource": "%{Destination.Arn}", "Action": "sqs:SendMessage", "Condition": { "ArnEquals": { "aws:SourceArn": "%{Source.Arn}" } } } ] } AWS::SNS::Topic設定為AWS::Lambda::Function-
策略類型
AWS::Lambda::Permission附加到AWS::Lambda::Function.存取類別
Write{ "Action": "lambda:InvokeFunction", "Principal": "sns.amazonaws.com", "SourceArn": "%{Source.Arn}" } AWS::SQS::Queue設定為AWS::Lambda::Function-
策略類型
附加至
AWS::Lambda::Function角色的客戶管理政策。存取類別
Write{ "Statement": [ { "Effect": "Allow", "Action": [ "sqs:DeleteMessage" ], "Resource": [ "%{Source.Arn}" ] } ] }Read{ "Statement": [ { "Effect": "Allow", "Action": [ "sqs:ReceiveMessage", "sqs:GetQueueAttributes" ], "Resource": [ "%{Source.Arn}" ] } ] } AWS::S3::Bucket設定為AWS::Lambda::Function-
策略類型
AWS::Lambda::Permission附加到AWS::Lambda::Function.存取類別
Write{ "Action": "lambda:InvokeFunction", "Principal": "s3.amazonaws.com", "SourceArn": "%{Source.Arn}", "SourceAccount": "${AWS::AccountId}" } AWS::StepFunctions::StateMachine設定為AWS::Lambda::Function-
策略類型
附加至
AWS::StepFunctions::StateMachine角色的客戶管理政策。存取類別
Write{ "Statement": [ { "Effect": "Allow", "Action": [ "lambda:InvokeAsync", "lambda:InvokeFunction" ], "Resource": [ "%{Destination.Arn}" ] } ] } AWS::StepFunctions::StateMachine設定為AWS::SNS::Topic-
策略類型
附加至
AWS::StepFunctions::StateMachine角色的客戶管理政策。存取類別
Write{ "Statement": [ { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": [ "%{Destination.Arn}" ] } ] } AWS::StepFunctions::StateMachine設定為AWS::SQS::Queue-
策略類型
附加至
AWS::StepFunctions::StateMachine角色的客戶管理政策。存取類別
Write{ "Statement": [ { "Effect": "Allow", "Action": [ "sqs:SendMessage" ], "Resource": [ "%{Destination.Arn}" ] } ] } AWS::StepFunctions::StateMachine設定為AWS::S3::Bucket-
策略類型
附加至
AWS::StepFunctions::StateMachine角色的客戶管理政策。存取類別
Read{ "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectLegalHold", "s3:GetObjectRetention", "s3:GetObjectTorrent", "s3:GetObjectVersion", "s3:GetObjectVersionAcl", "s3:GetObjectVersionForReplication", "s3:GetObjectVersionTorrent", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:ListBucketVersions", "s3:ListMultipartUploadParts" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/*" ] } ] }Write{ "Statement": [ { "Effect": "Allow", "Action": [ "s3:AbortMultipartUpload", "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:RestoreObject" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/*" ] } ] } AWS::StepFunctions::StateMachine設定為AWS::DynamoDB::Table-
策略類型
附加至
AWS::StepFunctions::StateMachine角色的客戶管理政策。存取類別
Read{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:BatchGetItem", "dynamodb:ConditionCheckItem", "dynamodb:PartiQLSelect" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/index/*" ] } ] }Write{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem", "dynamodb:PartiQLDelete", "dynamodb:PartiQLInsert", "dynamodb:PartiQLUpdate" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/index/*" ] } ] } AWS::StepFunctions::StateMachine設定為AWS::StepFunctions::StateMachine-
策略類型
附加至
AWS::StepFunctions::StateMachine角色的客戶管理政策。存取類別
Read{ "Statement": [ { "Effect": "Allow", "Action": [ "states:DescribeExecution" ], "Resource": [ "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*" ] }, { "Effect": "Allow", "Action": [ "events:DescribeRule" ], "Resource": [ "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" ] } ] }Write{ "Statement": [ { "Effect": "Allow", "Action": [ "states:StartExecution" ], "Resource": [ "%{Destination.Arn}" ] }, { "Effect": "Allow", "Action": [ "states:StopExecution" ], "Resource": [ "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*" ] }, { "Effect": "Allow", "Action": [ "events:PutTargets", "events:PutRule" ], "Resource": [ "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" ] } ] } AWS::StepFunctions::StateMachine設定為AWS::Events::EventBus-
策略類型
附加至
AWS::StepFunctions::StateMachine角色的客戶管理政策。存取類別
Write{ "Statement": [ { "Effect": "Allow", "Action": [ "events:PutEvents" ], "Resource": [ "%{Destination.Arn}" ] } ] } AWS::AppSync::DataSource設定為AWS::DynamoDB::Table-
策略類型
附加至
AWS::AppSync::DataSource角色的客戶管理政策。存取類別
Read{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:BatchGetItem", "dynamodb:ConditionCheckItem", "dynamodb:PartiQLSelect" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/index/*" ] } ] }Write{ "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem", "dynamodb:PartiQLDelete", "dynamodb:PartiQLInsert", "dynamodb:PartiQLUpdate" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}/index/*" ] } ] } AWS::AppSync::DataSource設定為AWS::Lambda::Function-
策略類型
附加至
AWS::AppSync::DataSource角色的客戶管理政策。存取類別
Write{ "Statement": [ { "Effect": "Allow", "Action": [ "lambda:InvokeAsync", "lambda:InvokeFunction" ], "Resource": [ "%{Destination.Arn}", "%{Destination.Arn}:*" ] } ] } AWS::AppSync::DataSource設定為AWS::Events::EventBus-
策略類型
附加至
AWS::AppSync::DataSource角色的客戶管理政策。存取類別
Write{ "Statement": [ { "Effect": "Allow", "Action": [ "events:PutEvents" ], "Resource": [ "%{Destination.Arn}" ] } ] } AWS::AppSync::GraphQLApi設定為AWS::Lambda::Function-
策略類型
AWS::Lambda::Permission附加到AWS::Lambda::Function.存取類別
Write{ "Action": "lambda:InvokeFunction", "Principal": "appsync.amazonaws.com", "SourceArn": "arn:${AWS::Partition}:appsync:${AWS::Region}:${AWS::AccountId}:apis/%{Source.ResourceId}" }
