How to add bucket permission in serverless.yml

8.9k views Asked by At

I have following serverless.yml file, when I deploy it gives me permission denied on product-image-dev bucket, how do I set permission in iamRoleStatements or it has to be set somewhere else.

service: imagecrops

provider:
  name: aws
  runtime: nodejs4.3
  memorySize: 1024 
  timeout: 20 
  satege: dev

  iamRoleStatements:
      - Effect: "Allow"
        Action:
          - "s3:*"
        Resource:
          - { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "ServerlessDeploymentBucket" } ]]}


package:
  include:
    - bin
    - libs
  exclude:
    - tests
    - serverless-nodejs-image

functions:
  cropImage:
    handler: handler.cropImage
    description: Crops images, from S3 bucket and puts into new folder
    events:
      - s3:
          bucket: product-images-dev
          event: s3:ObjectCreated:*
          rules:
            - prefix: uploads/
1

There are 1 answers

1
Mukesh Yadav On

I changed my serverless.yml file as following and it started reading.

service: imagecrops

provider:
  name: aws
  runtime: nodejs4.3
  memorySize: 1024 
  timeout: 20 
  satege: dev

  iamRoleStatements:
      - Effect: "Allow"
        Action:
          - "s3:*"
        Resource:
          - { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "ServerlessDeploymentBucket" } ]]}
          - "arn:aws:s3:::product-images-dev/*"


package:
  include:
    - bin
    - libs
  exclude:
    - tests
    - serverless-nodejs-image

functions:
  cropImage:
    handler: handler.cropImage
    description: Crops images, from S3 bucket and puts into new folder
    events:
      - s3:
          bucket: product-images-dev
          event: s3:ObjectCreated:*
          rules:
            - prefix: uploads/