You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am planning to have the lambda authorizer generate a dynamic policy and assume a role based on the policy for tenant segregation. We already use serverless-iam-roles-per-function to limit lambda's access to AWS resources.
How does this sit with the dynamic policy generated to assume the role and thus limit access to S3 and dynamo (using leading keys and prefixes).
Should I remove dynamo from the IAM statement for the functions completely and let that be added through the dynamically generated policy or something else?
The text was updated successfully, but these errors were encountered:
I am planning to have the lambda authorizer generate a dynamic policy and assume a role based on the policy for tenant segregation. We already use serverless-iam-roles-per-function to limit lambda's access to AWS resources.
How does this sit with the dynamic policy generated to assume the role and thus limit access to S3 and dynamo (using leading keys and prefixes).
Should I remove dynamo from the IAM statement for the functions completely and let that be added through the dynamically generated policy or something else?
The text was updated successfully, but these errors were encountered: