3

I am using SAM (Serverless Application Model) and creating a policy for a Lambda function for DynamoDB. By default AmazonDynamoDBFullAccess is there, but I want to give DynamoDBCrudPolicy to a Lambda function in which more than one table is used.

In the AWS SAM docs there is a policy for one table, not for more than one:

    Policies:
      # Give just CRUD permissions to one table
      - DynamoDBCrudPolicy:
          TableName: !Ref MyTable

Here is the CRUD policy for one table; I want it for more than one table.

amber gautam

1 Answer

11

You could include several policies, one for each table, or provide a "*" for all DDB tables (note that "*" provides much broader permissions than is recommended, though).

    Policies:
      # Give just CRUD permissions to one table
      - DynamoDBCrudPolicy:
          TableName: !Ref MyTable
      # Give just CRUD permissions to another table
      - DynamoDBCrudPolicy:
          TableName: !Ref MyOtherTable
      # Give just CRUD permissions to all tables
      - DynamoDBCrudPolicy:
          TableName: "*"
Keeton Hodgson
  • This MyOtherTable solution is not currently working for me. The '*' workaround works but isn't great security-wise. Any time I have 2 DynamoDBCrudPolicy lines I get these errors: "Must specify valid parameter values for policy template 'DynamoDBCrudPolicy'". Anyone else experiencing this? – peoplespete Jun 20 '22 at 16:38
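
An alternative to `TableName: "*"` when a function needs several tables, given here as an added example that is not from the answer above or the SAM docs: one inline policy statement scoped to the ARNs of exactly the two tables. The table definitions, handler, runtime and `CodeUri` are assumed placeholders, and the action list is an assumed CRUD set to trim to what the function actually calls.

```yaml
# Added example. Logical IDs, key names, handler and paths are placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31

Resources:
  MyTable:
    Type: AWS::DynamoDB::Table
    Properties:
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: id
          AttributeType: S
      KeySchema:
        - AttributeName: id
          KeyType: HASH

  MyOtherTable:
    Type: AWS::DynamoDB::Table
    Properties:
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: id
          AttributeType: S
      KeySchema:
        - AttributeName: id
          KeyType: HASH

  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: app.handler
      Runtime: python3.12
      CodeUri: src/
      Policies:
        # Inline statement limited to the two tables (and their indexes)
        # instead of a policy template with TableName: "*".
        - Statement:
            - Effect: Allow
              Action:
                - dynamodb:GetItem
                - dynamodb:PutItem
                - dynamodb:UpdateItem
                - dynamodb:DeleteItem
                - dynamodb:Query
                - dynamodb:Scan
              Resource:
                - !GetAtt MyTable.Arn
                - !Sub "${MyTable.Arn}/index/*"
                - !GetAtt MyOtherTable.Arn
                - !Sub "${MyOtherTable.Arn}/index/*"
```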