# help
a
Hey everyone. I'm using Seed to deploy my serverless project, and I'm running into a permissions issue. Trying to give a Lambda permission to delete an S3 file from a bucket. Here's part of `serverless.yml`:
```yaml
provider:
  name: aws
  runtime: nodejs12.x
  memorySize: 128
  lambdaHashingVersion: 20201221
  iam:
    role:
      statements:
        - Effect: 'Allow'
          Action:
            - s3:DeleteObject
          Resource: 'arn:aws:s3:::xyz-user-downloads-dev/*'
        - Effect: 'Allow'
          Action:
            - s3:DeleteObject
          Resource: 'arn:aws:s3:::xyz-user-downloads-prod/*'
```
But when I deploy through Seed and then check the permissions shown for that Lambda in the AWS console, I only see CloudWatch Logs permissions (screenshot attached). TIA for your help!
r
I think I might have seen in the past that you need both:
```
arn:aws:s3:::xyz-user-downloads-dev/*
```
and
```
arn:aws:s3:::xyz-user-downloads-dev
```
Where in the console is the screenshot from?
a
Thanks! Do you know if I have to add two more `Allow` statements for that? Or if they can be combined? Screenshot comes from Lambda >> Functions >> [function name] >> Configuration >> Permissions.
r
As an aside - it looks a bit dangerous (without knowing your use case) to grant permissions for deleting dev and prod objects
I think resource can be an array
a
Good point x2 🙂 I'll check both of those out. Thanks!