Skip to content

Instantly share code, notes, and snippets.

@davetownsend

davetownsend/serverless.yml

Last active August 13, 2019 14:34
Show Gist options
  • Save davetownsend/f61a163a8c19cdd4c7ae9fa77a999b67 to your computer and use it in GitHub Desktop.
Save davetownsend/f61a163a8c19cdd4c7ae9fa77a999b67 to your computer and use it in GitHub Desktop.
Download ZIP
iam permissions
Raw
serverless.yml
functions:
auth:
handler: exampleAuth.verify
iamRoleStatements:
- Effect: Allow
Action: ssm:GetParameters*
Resource: arn:aws:ssm:#{AWS::Region}:#{AWS::AccountId}:parameter/${self:provider.apiname}/${self:provider.stage}/okta/*
- Effect: 'Allow'
Action: 'kms:Decrypt'
Resource: arn:aws:kms:#{AWS::Region}:#{AWS::AccountId}:key/${ssm:/example/${self:provider.stage}/kms/keyid~true}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment