I'm trying to tighten up the policies of my AWS Lambda function so that it only has access to the one S3 bucket that it needs, so I added an S3CrudPolicy with the BucketName referencing the bucket that's defined in the template. The relevant part of template.yaml looks like this:
```yaml
Resources:
  ImagesBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "${ProjectName}-${UniqueKey}-images"

  ResizeFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: resize
      # ...
      Events:
        CreateThumbnailEvent:
          Type: S3
          Properties:
            Bucket: !Ref ImagesBucket
            Events: s3:ObjectCreated:*
      Policies:
        - S3CrudPolicy:
            BucketName: !Ref ImagesBucket
```
However, this creates an error:
```
Failed to create the changeset: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state Status: FAILED. Reason: Circular dependency between resources: [ImagesBucket, ResizeFunctionRole, ResizeFunction, ResizeFunctionCreateThumbnailEventPermission]
```
(Who is this waiter anyway? This isn't a restaurant!)

Solution

To solve this, instead of referencing ImagesBucket in…
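Where the cycle in that error comes from, as an added example that is not from the original post: `EXPANDED` is a constructed approximation of the CloudFormation resources SAM generates from the template above (the expanded shape is an assumption, trimmed to cross-references), and `refs` and `cyclic_resources` are hypothetical helper names.

```python
EXPANDED = {  # constructed approximation of SAM's expansion (assumed shape)
    "ImagesBucket": {
        "Type": "AWS::S3::Bucket",
        "DependsOn": ["ResizeFunctionCreateThumbnailEventPermission"],
        "Properties": {"NotificationConfiguration": {"LambdaConfigurations": [
            {"Function": {"Fn::GetAtt": ["ResizeFunction", "Arn"]}}]}},
    },
    "ResizeFunctionCreateThumbnailEventPermission": {
        "Type": "AWS::Lambda::Permission",
        "Properties": {"FunctionName": {"Ref": "ResizeFunction"}},
    },
    "ResizeFunction": {
        "Type": "AWS::Lambda::Function",
        "Properties": {"Role": {"Fn::GetAtt": ["ResizeFunctionRole", "Arn"]}},
    },
    "ResizeFunctionRole": {
        "Type": "AWS::IAM::Role",
        # S3CrudPolicy with BucketName: !Ref ImagesBucket lands in this role.
        "Properties": {"Policies": [{"PolicyDocument": {"Statement": [{"Resource":
            {"Fn::Sub": ["arn:aws:s3:::${b}/*", {"b": {"Ref": "ImagesBucket"}}]}}]}}]},
    },
}

def refs(node, names):  # logical IDs reached via Ref, Fn::GetAtt or DependsOn
    if isinstance(node, list):
        for item in node:
            yield from refs(item, names)
    elif isinstance(node, dict):
        for key, val in node.items():
            if key == "Fn::GetAtt":
                yield val[0] if isinstance(val, list) else val.split(".")[0]
            elif key == "DependsOn":
                yield from ([val] if isinstance(val, str) else val)
            elif key == "Ref" and isinstance(val, str) and val in names:
                yield val  # Refs to parameters or pseudo parameters are skipped
            else:
                yield from refs(val, names)

def cyclic_resources(template):  # resources that transitively depend on themselves
    graph = {name: set(refs(res, template)) for name, res in template.items()}
    def reachable(start):
        seen, stack = set(), list(graph[start])
        while stack:
            name = stack.pop()
            if name not in seen:
                seen.add(name)
                stack.extend(graph.get(name, ()))
        return seen
    return sorted(name for name in graph if name in reachable(name))
```

`cyclic_resources(EXPANDED)` returns the same four resources the error lists. With the `Policies` entry removed from the role, which is the template as it was before `S3CrudPolicy` was added, it returns an empty list.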
Posted on 29 May 2019 in AWS Lambda