# help
r
Morning everyone! I've been trying to give list access to a specific bucket to my lambda. So I tried this
```
const uploadPublicBucket = props.uploadPublicBucket;
apiGateway.addRoutes(this, {
  'GET  /users': {
    function: {
      functionName: `fdm-${id}-${scope.stage}-get-users`,
      handler: 'services/field-data-api/handlers/user.get',
      permissions: [
        'cognito-idp:ListUsers',
        'cognito-idp:DescribeUserPool',
        [uploadPublicBucket.bucketArn, 'ListBucket'],
      ],
    },
  },
});
```
But I get this error when I run `sst start`,
Error: The specified permissions are not supported.
I'm pretty sure there's a way that I can give permission to list a specific bucket to a specific lambda function, if anyone has any hint for me I'd appreciate it 🙂
m
r
I have indeed, and the way I do it is pretty much the way the example in the doc works. They use `attachPermissions`, which is the same as just passing the permissions directly when creating the lambda. The only difference is that they do it with a topic, and a table instead of a bucket. I've tried passing the s3 object, then the s3 arn. I've tried with `ListBucket` and `s3.ListBucket` as permissions. But every time I get an error. So I figured someone else probably did it and could give me a hint
Normally the right way should be `[uploadPublicBucket, 'ListBucket']` but when I try this I then get
Error: The specified grant method is incorrect.
t
that double array method only supports `.grantXXX` methods on the bucket
r
ah ok, makes sense. Is there another way to give, let's say, ListBucket on a specific bucket?
I guess the `grantXXX` way is the same as when doing it directly on the bucket, yeah. Something like `bucket.grantXXX(...)`
t
You can add a custom policystatement in the permissions array
```
new iam.PolicyStatement({
  actions: [...],
  effect: iam.Effect.ALLOW,
  resources: [...],
}),
```
r
Sweet thanks!