I have a lambda that is trying to write to my fire...
# helpd
Daniel Gato
01/15/2022, 7:11 PMI have a lambda that is trying to write to my firehose DeliveryStream instance.
This permission works:
Copy code
'POST /collect': {
function: {
handler: 'src/analytics/create.main',
environment: {
ANALYTICS_DELIVERY_STREAM_NAME: analyticsDeliveryStream.deliveryStreamName,
},
permissions: [analyticsDeliveryStream],
},
},Error: The specified permissions are not supported.Daniel Gato
01/15/2022, 7:27 PMNote that ‘firehose:PutRecord’ seems to work, put I would like to have that for only this data stream.
f
Frank
01/15/2022, 8:38 PM
Hi @Daniel Gato, can I see how you are creating the
analyticsDeliveryStreamd
Daniel Gato
01/15/2022, 8:48 PM Copy code
export default class AnalyticsStack extends sst.Stack {
constructor(scope, id, props) {
super(scope, id, props);
this.analyticsBucket = new sst.Bucket(this, 'Analytics');
this.deliveryStream = new firehose.DeliveryStream(this, 'Delivery Stream', {
destinations: [new destinations.S3Bucket(this.analyticsBucket.s3Bucket)],
});
}
}Daniel Gato
01/15/2022, 8:53 PMI think this is working now:
Copy code
POST /collect': {
function: {
handler: 'src/analytics/create.main',
environment: {
ANALYTICS_DELIVERY_STREAM_NAME: analyticsDeliveryStream.deliveryStreamName,
},
permissions: [
new iam.PolicyStatement({
actions: ['firehose:PutRecord'],
effect: iam.Effect.ALLOW,
resources: [analyticsDeliveryStream.deliveryStreamArn],
}),
// 'firehose:PutRecord',
],
},f
Frank
01/16/2022, 2:44 AM
DeliverStreamFrank
01/16/2022, 2:45 AM
However, I just submitted a PR to add support for it - https://github.com/serverless-stack/serverless-stack/pull/1266
Frank
01/16/2022, 2:45 AM
Will merge once the test pass. And what u had originally would work:
permissions: [analyticsDeliveryStream],d
Daniel Gato
01/16/2022, 10:57 PMawesome, will test when it’s released