LambdaRole: | |
Type: 'AWS::IAM::Role' | |
Properties: | |
AssumeRolePolicyDocument: | |
Version: '2012-10-17' | |
Statement: | |
- Effect: 'Allow' | |
Principal: | |
Service: 'lambda.amazonaws.com' | |
Action: 'sts:AssumeRole' | |
Path: '/' | |
Policies: | |
- PolicyName: 'LambdaRolePolicy' | |
PolicyDocument: | |
Version: '2012-10-17' | |
Statement: | |
- Effect: 'Allow' | |
Action: | |
- logs:CreateLogGroup | |
- logs:CreateLogStream | |
- logs:PutLogEvents | |
Resource: 'arn:aws:logs:*:*:*' | |
- Effect: 'Allow' | |
Action: | |
- dynamodb:DescribeStream | |
- dynamodb:GetRecords | |
- dynamodb:GetShardIterator | |
- dynamodb:ListStreams | |
Resource: !GetAtt OrderTable.StreamArn |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment