Hi, I have some pseudo code (learning) that I'd li...
# helpr
Rudi
04/18/2022, 7:33 PMHi, I have some pseudo code (learning) that I'd like to access the paramenter store - not where where I would add the persmissions?
o
Omi Chowdhury
04/18/2022, 7:42 PMI think you’d add it to the function definition in SST
https://docs.serverless-stack.com/constructs/v1/Function#permissions
r
Rudi
04/18/2022, 7:43 PMThis function is a target
Rudi
04/18/2022, 7:43 PMreceipt.handler
Rudi
04/18/2022, 7:43 PMfrom the eventbus demo ..
o
Omi Chowdhury
04/18/2022, 7:44 PMOh ok, you need to turn that into a Function object
r
Rudi
04/18/2022, 7:44 PMSo I want the target to access the parameter store .. there's no Function construct in the demo - perhaps needs to refactor it
o
Omi Chowdhury
04/18/2022, 7:45 PM Copy code
const RecieptHandler = new Function(stack, "RecieptHandler", {
handler: "src/...",
});Omi Chowdhury
04/18/2022, 7:47 PMOh apparently you can do this too:
https://docs.serverless-stack.com/constructs/v1/EventBus#configuring-an-individual-target
Omi Chowdhury
04/18/2022, 7:47 PMI usually break stuff out into their own objects so that there’s not too much inlining
r
Rudi
04/18/2022, 7:49 PMah .. checking .. thx ..
Rudi
04/18/2022, 8:07 PMSomething like this works:
Rudi
04/18/2022, 8:17 PMSo that's all good, though I might change
fun.attachPermissions(["ssm:GetParameter"])
to be more granular so that tihis lambda can only read that one secret in the matching environment (dev).
So will need to craft something like this from the docs:
Copy code
fun.attachPermissions([
new iam.PolicyStatement({
actions: ["s3:*"],
effect: iam.Effect.ALLOW,
resources: [
bucket.bucketArn + "/private/${<http://cognito-identity.amazonaws.com:sub|cognito-identity.amazonaws.com:sub>}/*",
],
}),