Les traductions sont fournies par des outils de traduction automatique. En cas de conflit entre le contenu d'une traduction et celui de la version originale en anglais, la version anglaise prévaudra.
# AWS SAM référence du connecteur
Cette section contient des informations de référence pour le type de ressource du connecteur AWS Serverless Application Model (AWS SAM). Pour obtenir une présentation des connecteurs, veuillez consulter [Gestion des autorisations relatives aux ressources à l'aide de AWS SAM connecteurs](managing-permissions-connectors.md).
## Types de ressources source et de destination pris en charge pour les connecteurs
Le type de ressource `AWS::Serverless::Connector` prend en charge un certain nombre de connexions entre les ressources source et de destination. Lorsque vous configurez des connecteurs dans votre AWS SAM modèle, utilisez le tableau suivant pour référencer les connexions prises en charge et les propriétés qui doivent être définies pour chaque type de ressource source et de destination. Pour plus d'informations sur la configuration de connecteurs dans votre modèle, consultez [AWS::Serverless::Connector](sam-resource-connector.md).
Pour les ressources source et de destination, lorsqu'elles sont définies dans le même modèle, utilisez la propriété `Id`. Sinon, un élément `Qualifier` peut être ajouté pour réduire la portée de la ressource que vous avez définie. Quand les ressources ne se trouvent pas dans le même modèle, utilisez une combinaison d'autres propriétés.
Pour demander de nouvelles connexions, [soumettez un nouveau problème](https://github.com/aws/serverless-application-model/issues/new?assignees=&labels=area%2Fconnectors,stage%2Fneeds-triage&template=other.md&title=%28New%20Connector%20Profile%29) dans le *serverless-application-model AWS GitHubréférentiel*.
| Source type (Type de source) | Type de destination | Permissions | Propriétés de source | Propriétés de destination |
| --- | --- | --- | --- | --- |
| `AWS::ApiGateway::RestApi` | `AWS::Lambda::Function` | `Write` | `Id` ou `Qualifier`, `ResourceId` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::ApiGateway::RestApi` | `AWS::Serverless::Function` | `Write` | `Id` ou `Qualifier`, `ResourceId` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::ApiGatewayV2::Api` | `AWS::Lambda::Function` | `Write` | `Id` ou `Qualifier`, `ResourceId` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::ApiGatewayV2::Api` | `AWS::Serverless::Function` | `Write` | `Id` ou `Qualifier`, `ResourceId` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::AppSync::DataSource` | `AWS::DynamoDB::Table` | `Read` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::AppSync::DataSource` | `AWS::DynamoDB::Table` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::AppSync::DataSource` | `AWS::Events::EventBus` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::AppSync::DataSource` | `AWS::Lambda::Function` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::AppSync::DataSource` | `AWS::Serverless::Function` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::AppSync::DataSource` | `AWS::Serverless::SimpleTable` | `Read` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::AppSync::DataSource` | `AWS::Serverless::SimpleTable` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::AppSync::GraphQLApi` | `AWS::Lambda::Function` | `Write` | `Id` ou `ResourceId` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::AppSync::GraphQLApi` | `AWS::Serverless::Function` | `Write` | `Id` ou `ResourceId` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::DynamoDB::Table` | `AWS::Lambda::Function` | `Read` | `Id` ou `Arn` et `Type` | `Id` ou `RoleName` et `Type` |
| `AWS::DynamoDB::Table` | `AWS::Serverless::Function` | `Read` | `Id` ou `Arn` et `Type` | `Id` ou `RoleName` et `Type` |
| `AWS::Events::Rule` | `AWS::Events::EventBus` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Events::Rule` | `AWS::Lambda::Function` | `Write` | `Id` ou `Arn` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Events::Rule` | `AWS::Serverless::Function` | `Write` | `Id` ou `Arn` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Events::Rule` | `AWS::Serverless::StateMachine` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Events::Rule` | `AWS::SNS::Topic` | `Write` | `Id` ou `Arn` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Events::Rule` | `AWS::SQS::Queue` | `Write` | `Id` ou `Arn` et `Type` | `Id` ou `Arn`, `QueueUrl` et `Type` |
| `AWS::Events::Rule` | `AWS::StepFunctions::StateMachine` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Lambda::Function` | `AWS::DynamoDB::Table` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Lambda::Function` | `AWS::Events::EventBus` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Lambda::Function` | `AWS::Lambda::Function` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Lambda::Function` | `AWS::Location::PlaceIndex` | `Read` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Lambda::Function` | `AWS::S3::Bucket` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Lambda::Function` | `AWS::Serverless::Function` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Lambda::Function` | `AWS::Serverless::SimpleTable` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Lambda::Function` | `AWS::Serverless::StateMachine` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn`, `Name` et `Type` |
| `AWS::Lambda::Function` | `AWS::SNS::Topic` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Lambda::Function` | `AWS::SQS::Queue` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Lambda::Function` | `AWS::StepFunctions::StateMachine` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn`, `Name` et `Type` |
| `AWS::S3::Bucket` | `AWS::Lambda::Function` | `Write` | `Id` ou `Arn` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::S3::Bucket` | `AWS::Serverless::Function` | `Write` | `Id` ou `Arn` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::Api` | `AWS::Lambda::Function` | `Write` | `Id` ou `Qualifier`, `ResourceId` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::Api` | `AWS::Serverless::Function` | `Write` | `Id` ou `Qualifier`, `ResourceId` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::Function` | `AWS::DynamoDB::Table` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::Function` | `AWS::Events::EventBus` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::Function` | `AWS::Lambda::Function` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::Function` | `AWS::S3::Bucket` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::Function` | `AWS::Serverless::Function` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::Function` | `AWS::Serverless::SimpleTable` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::Function` | `AWS::Serverless::StateMachine` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn`, `Name` et `Type` |
| `AWS::Serverless::Function` | `AWS::SNS::Topic` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::Function` | `AWS::SQS::Queue` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::Function` | `AWS::StepFunctions::StateMachine` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn`, `Name` et `Type` |
| `AWS::Serverless::HttpApi` | `AWS::Lambda::Function` | `Write` | `Id` ou `Qualifier`, `ResourceId` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::HttpApi` | `AWS::Serverless::Function` | `Write` | `Id` ou `Qualifier`, `ResourceId` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::SimpleTable` | `AWS::Lambda::Function` | `Read` | `Id` ou `Arn` et `Type` | `Id` ou `RoleName` et `Type` |
| `AWS::Serverless::SimpleTable` | `AWS::Serverless::Function` | `Read` | `Id` ou `Arn` et `Type` | `Id` ou `RoleName` et `Type` |
| `AWS::Serverless::StateMachine` | `AWS::DynamoDB::Table` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::StateMachine` | `AWS::Events::EventBus` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::StateMachine` | `AWS::Lambda::Function` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::StateMachine` | `AWS::S3::Bucket` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::StateMachine` | `AWS::Serverless::Function` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::StateMachine` | `AWS::Serverless::SimpleTable` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::StateMachine` | `AWS::Serverless::StateMachine` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn`, `Name` et `Type` |
| `AWS::Serverless::StateMachine` | `AWS::SNS::Topic` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::StateMachine` | `AWS::SQS::Queue` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::Serverless::StateMachine` | `AWS::StepFunctions::StateMachine` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn`, `Name` et `Type` |
| `AWS::SNS::Topic` | `AWS::Lambda::Function` | `Write` | `Id` ou `Arn` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::SNS::Topic` | `AWS::Serverless::Function` | `Write` | `Id` ou `Arn` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::SNS::Topic` | `AWS::SQS::Queue` | `Write` | `Id` ou `Arn` et `Type` | `Id` ou `Arn`, `QueueUrl` et `Type` |
| `AWS::SQS::Queue` | `AWS::Lambda::Function` | `Read`, `Write` | `Id` ou `Arn` et `Type` | `Id` ou `RoleName` et `Type` |
| `AWS::SQS::Queue` | `AWS::Serverless::Function` | `Read`, `Write` | `Id` ou `Arn` et `Type` | `Id` ou `RoleName` et `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::DynamoDB::Table` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::Events::EventBus` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::Lambda::Function` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::S3::Bucket` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::Serverless::Function` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::Serverless::SimpleTable` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::Serverless::StateMachine` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn`, `Name` et `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::SNS::Topic` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::SQS::Queue` | `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn` et `Type` |
| `AWS::StepFunctions::StateMachine` | `AWS::StepFunctions::StateMachine` | `Read`, `Write` | `Id` ou `RoleName` et `Type` | `Id` ou `Arn`, `Name` et `Type` |
## Politiques IAM créées par les connecteurs
Cette section décrit les politiques Gestion des identités et des accès AWS (IAM) créées AWS SAM lors de l'utilisation de connecteurs.
`AWS::DynamoDB::Table` sur `AWS::Lambda::Function`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::Lambda::Function`.
**Catégories d'accès**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:DescribeStream",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:ListStreams"
],
"Resource": [
"%{Source.Arn}/stream/*"
]
}
]
}
```
`AWS::Events::Rule` sur `AWS::SNS::Topic`
**Type de politique**
[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-topicpolicy.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-topicpolicy.html) jointe à `AWS::SNS::Topic`.
**Catégories d'accès**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Resource": "%{Destination.Arn}",
"Action": "sns:Publish",
"Condition": {
"ArnEquals": {
"aws:SourceArn": "%{Source.Arn}"
}
}
}
]
}
```
`AWS::Events::Rule` sur `AWS::Events::EventBus`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::Events::Rule`.
**Catégories d'accès**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"events:PutEvents"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::Events::Rule` sur `AWS::StepFunctions::StateMachine`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::Events::Rule`.
**Catégories d'accès**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:StartExecution"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::Events::Rule` sur `AWS::Lambda::Function`
**Type de politique**
`[AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html)` jointe à `AWS::Lambda::Function`.
**Catégories d'accès**
`Write`
```
{
"Action": "lambda:InvokeFunction",
"Principal": "events.amazonaws.com",
"SourceArn": "%{Source.Arn}"
}
```
`AWS::Events::Rule` sur `AWS::SQS::Queue`
**Type de politique**
`[AWS::SQS::QueuePolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queuepolicy.html)` jointe à `AWS::SQS::Queue`.
**Catégories d'accès**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Resource": "%{Destination.Arn}",
"Action": "sqs:SendMessage",
"Condition": {
"ArnEquals": {
"aws:SourceArn": "%{Source.Arn}"
}
}
}
]
}
```
`AWS::Lambda::Function` sur `AWS::Lambda::Function`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::Lambda::Function`.
**Catégories d'accès**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"lambda:InvokeAsync",
"lambda:InvokeFunction"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::Lambda::Function` sur `AWS::S3::Bucket`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::Lambda::Function`.
**Catégories d'accès**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectLegalHold",
"s3:GetObjectRetention",
"s3:GetObjectTorrent",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionTorrent",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions",
"s3:ListMultipartUploadParts"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/*"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject",
"s3:PutObjectLegalHold",
"s3:PutObjectRetention",
"s3:RestoreObject"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/*"
]
}
]
}
```
`AWS::Lambda::Function` sur `AWS::DynamoDB::Table`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::Lambda::Function`.
**Catégories d'accès**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:BatchGetItem",
"dynamodb:ConditionCheckItem",
"dynamodb:PartiQLSelect"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/index/*"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:BatchWriteItem",
"dynamodb:PartiQLDelete",
"dynamodb:PartiQLInsert",
"dynamodb:PartiQLUpdate"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/index/*"
]
}
]
}
```
`AWS::Lambda::Function` sur `AWS::SQS::Queue`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::Lambda::Function`.
**Catégories d'accès**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sqs:ReceiveMessage",
"sqs:GetQueueAttributes"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sqs:DeleteMessage",
"sqs:SendMessage",
"sqs:ChangeMessageVisibility",
"sqs:PurgeQueue"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::Lambda::Function` sur `AWS::SNS::Topic`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::Lambda::Function`.
**Catégories d'accès**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sns:Publish"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::Lambda::Function` sur `AWS::StepFunctions::StateMachine`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::Lambda::Function`.
**Catégories d'accès**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:StartExecution",
"states:StartSyncExecution"
],
"Resource": [
"%{Destination.Arn}"
]
},
{
"Effect": "Allow",
"Action": [
"states:StopExecution"
],
"Resource": [
"arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*"
]
}
]
}
```
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:DescribeStateMachine",
"states:ListExecutions"
],
"Resource": [
"%{Destination.Arn}"
]
},
{
"Effect": "Allow",
"Action": [
"states:DescribeExecution",
"states:DescribeStateMachineForExecution",
"states:GetExecutionHistory"
],
"Resource": [
"arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*"
]
}
]
}
```
`AWS::Lambda::Function` sur `AWS::Events::EventBus`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::Lambda::Function`.
**Catégories d'accès**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"events:PutEvents"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::Lambda::Function` sur `AWS::Location::PlaceIndex`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::Lambda::Function`.
**Catégories d'accès**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"geo:DescribePlaceIndex",
"geo:GetPlace",
"geo:SearchPlaceIndexForPosition",
"geo:SearchPlaceIndexForSuggestions",
"geo:SearchPlaceIndexForText"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::ApiGatewayV2::Api` sur `AWS::Lambda::Function`
**Type de politique**
`[AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html)` jointe à `AWS::Lambda::Function`.
**Catégories d'accès**
`Write`
```
{
"Action": "lambda:InvokeFunction",
"Principal": "apigateway.amazonaws.com",
"SourceArn": "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:%{Source.ResourceId}/%{Source.Qualifier}"
}
```
`AWS::ApiGateway::RestApi` sur `AWS::Lambda::Function`
**Type de politique**
`[AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html)` jointe à `AWS::Lambda::Function`.
**Catégories d'accès**
`Write`
```
{
"Action": "lambda:InvokeFunction",
"Principal": "apigateway.amazonaws.com",
"SourceArn": "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:%{Source.ResourceId}/%{Source.Qualifier}"
}
```
`AWS::SNS::Topic` sur `AWS::SQS::Queue`
**Type de politique**
`[AWS::SQS::QueuePolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queuepolicy.html)` jointe à `AWS::SQS::Queue`.
**Catégories d'accès**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "sns.amazonaws.com"
},
"Resource": "%{Destination.Arn}",
"Action": "sqs:SendMessage",
"Condition": {
"ArnEquals": {
"aws:SourceArn": "%{Source.Arn}"
}
}
}
]
}
```
`AWS::SNS::Topic` sur `AWS::Lambda::Function`
**Type de politique**
`[AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html)` jointe à `AWS::Lambda::Function`.
**Catégories d'accès**
`Write`
```
{
"Action": "lambda:InvokeFunction",
"Principal": "sns.amazonaws.com",
"SourceArn": "%{Source.Arn}"
}
```
`AWS::SQS::Queue` sur `AWS::Lambda::Function`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::Lambda::Function`.
**Catégories d'accès**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sqs:DeleteMessage"
],
"Resource": [
"%{Source.Arn}"
]
}
]
}
```
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sqs:ReceiveMessage",
"sqs:GetQueueAttributes"
],
"Resource": [
"%{Source.Arn}"
]
}
]
}
```
`AWS::S3::Bucket` sur `AWS::Lambda::Function`
**Type de politique**
`[AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html)` jointe à `AWS::Lambda::Function`.
**Catégories d'accès**
`Write`
```
{
"Action": "lambda:InvokeFunction",
"Principal": "s3.amazonaws.com",
"SourceArn": "%{Source.Arn}",
"SourceAccount": "${AWS::AccountId}"
}
```
`AWS::StepFunctions::StateMachine` sur `AWS::Lambda::Function`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::StepFunctions::StateMachine`.
**Catégories d'accès**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"lambda:InvokeAsync",
"lambda:InvokeFunction"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::StepFunctions::StateMachine` sur `AWS::SNS::Topic`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::StepFunctions::StateMachine`.
**Catégories d'accès**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sns:Publish"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::StepFunctions::StateMachine` sur `AWS::SQS::Queue`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::StepFunctions::StateMachine`.
**Catégories d'accès**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"sqs:SendMessage"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::StepFunctions::StateMachine` sur `AWS::S3::Bucket`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::StepFunctions::StateMachine`.
**Catégories d'accès**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectLegalHold",
"s3:GetObjectRetention",
"s3:GetObjectTorrent",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionTorrent",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions",
"s3:ListMultipartUploadParts"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/*"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject",
"s3:PutObjectLegalHold",
"s3:PutObjectRetention",
"s3:RestoreObject"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/*"
]
}
]
}
```
`AWS::StepFunctions::StateMachine` sur `AWS::DynamoDB::Table`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::StepFunctions::StateMachine`.
**Catégories d'accès**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:BatchGetItem",
"dynamodb:ConditionCheckItem",
"dynamodb:PartiQLSelect"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/index/*"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:BatchWriteItem",
"dynamodb:PartiQLDelete",
"dynamodb:PartiQLInsert",
"dynamodb:PartiQLUpdate"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/index/*"
]
}
]
}
```
`AWS::StepFunctions::StateMachine` sur `AWS::StepFunctions::StateMachine`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::StepFunctions::StateMachine`.
**Catégories d'accès**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:DescribeExecution"
],
"Resource": [
"arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*"
]
},
{
"Effect": "Allow",
"Action": [
"events:DescribeRule"
],
"Resource": [
"arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:StartExecution"
],
"Resource": [
"%{Destination.Arn}"
]
},
{
"Effect": "Allow",
"Action": [
"states:StopExecution"
],
"Resource": [
"arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:%{Destination.Name}:*"
]
},
{
"Effect": "Allow",
"Action": [
"events:PutTargets",
"events:PutRule"
],
"Resource": [
"arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule"
]
}
]
}
```
`AWS::StepFunctions::StateMachine` sur `AWS::Events::EventBus`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::StepFunctions::StateMachine`.
**Catégories d'accès**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"events:PutEvents"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::AppSync::DataSource` sur `AWS::DynamoDB::Table`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::AppSync::DataSource`.
**Catégories d'accès**
`Read`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:BatchGetItem",
"dynamodb:ConditionCheckItem",
"dynamodb:PartiQLSelect"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/index/*"
]
}
]
}
```
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:BatchWriteItem",
"dynamodb:PartiQLDelete",
"dynamodb:PartiQLInsert",
"dynamodb:PartiQLUpdate"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}/index/*"
]
}
]
}
```
`AWS::AppSync::DataSource` sur `AWS::Lambda::Function`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::AppSync::DataSource`.
**Catégories d'accès**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"lambda:InvokeAsync",
"lambda:InvokeFunction"
],
"Resource": [
"%{Destination.Arn}",
"%{Destination.Arn}:*"
]
}
]
}
```
`AWS::AppSync::DataSource` sur `AWS::Events::EventBus`
**Type de politique**
[La politique gérée par le client](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) jointe au rôle de `AWS::AppSync::DataSource`.
**Catégories d'accès**
`Write`
```
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"events:PutEvents"
],
"Resource": [
"%{Destination.Arn}"
]
}
]
}
```
`AWS::AppSync::GraphQLApi` sur `AWS::Lambda::Function`
**Type de politique**
`[AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html)` jointe à `AWS::Lambda::Function`.
**Catégories d'accès**
`Write`
```
{
"Action": "lambda:InvokeFunction",
"Principal": "appsync.amazonaws.com",
"SourceArn": "arn:${AWS::Partition}:appsync:${AWS::Region}:${AWS::AccountId}:apis/%{Source.ResourceId}"
}
```