@mhlabs/sam-policies-cli
v1.0.10
A CLI tool to browse and inject SAM Policy Templates into your SAM template
sam-policies-cli
CLI tool to browse and inject AWS Policy Templates into the Policies array of an AWS::Serverless::Function in a SAM template.
Installation
npm install -g @mhlabs/sam-policies-cli
Usage
sam-pol -t template.yaml -f yaml
Options:
-v, --vers output the current version
-t, --template <filename> Template file name (default: "template.yaml")
-h, --help output usage information
This is intended to set policies that allow Lambda functions to integrate with resources that are managed by your template. However, sometimes you might want to create a policy for a resource that doesn't exist in your template, and/or you might need to specify the resource name by wildcard or by other means. To achieve this, select Not Templated from the first selection list.
Caveats
- Both the JSON and YAML options will reformat your template, but they shouldn't break it, especially JSON. It's therefore a good idea to run this command on a template without any local changes so you can easily diff the injection and reformatting. For safety, it will create a backup of your template in <template_filename>_backup before making any changes.
- CloudFormation and SAM Policy Templates are inconsistent about which intrinsic function should be used to inject the resource identifier into the policy template transformation. Sometimes it's !Ref and sometimes !GetAtt. We're making a manual mapping which could be wrong and assumes !Ref when no mapping exists.
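
Because the !Ref/!GetAtt mapping can be wrong and Not Templated entries may carry wildcards, the injected Policies array is worth checking before deploying. The following is an added example, not code from sam-policies-cli: it audits the JSON form of a template. The function name, the lookup table and the sample template are assumptions constructed for illustration.

```javascript
// Resource types whose Ref does not return the bare name that SAM policy
// templates expect. Hand-written assumption, not the CLI's own mapping.
const NAME_ATTRIBUTE = {
  "AWS::SQS::Queue": "QueueName", // Ref returns the queue URL
  "AWS::SNS::Topic": "TopicName", // Ref returns the topic ARN
  "AWS::StepFunctions::StateMachine": "Name", // Ref returns the ARN
};

// Audit the Policies array of every AWS::Serverless::Function in a parsed
// JSON SAM template; returns findings to review by hand.
function auditPolicies(template) {
  const resources = template.Resources || {};
  const findings = [];
  for (const [fnName, res] of Object.entries(resources)) {
    if (res.Type !== "AWS::Serverless::Function") continue;
    const policies = (res.Properties && res.Properties.Policies) || [];
    for (const policy of [].concat(policies)) {
      // Skip managed policy names (strings) and inline policy documents.
      if (!policy || typeof policy !== "object" || "Statement" in policy) continue;
      for (const [tplName, params] of Object.entries(policy)) {
        if (!params || typeof params !== "object") continue;
        for (const [param, value] of Object.entries(params)) {
          const where = `${fnName}.${tplName}.${param}`;
          if (typeof value === "string" && value.includes("*")) {
            findings.push(`${where}: wildcard resource name "${value}"`);
          } else if (value && typeof value.Ref === "string") {
            const target = resources[value.Ref];
            const attr = target && NAME_ATTRIBUTE[target.Type];
            if (attr) findings.push(`${where}: Ref on ${target.Type}, expected Fn::GetAtt ${value.Ref}.${attr}`);
          }
        }
      }
    }
  }
  return findings;
}

// Constructed sample: one correct Ref, one Ref that yields a URL, one wildcard.
const SAMPLE_TEMPLATE = { Resources: {
  Orders: { Type: "AWS::DynamoDB::Table" },
  Jobs: { Type: "AWS::SQS::Queue" },
  Worker: { Type: "AWS::Serverless::Function", Properties: { Policies: [
    { DynamoDBCrudPolicy: { TableName: { Ref: "Orders" } } },
    { SQSSendMessagePolicy: { QueueName: { Ref: "Jobs" } } },
    { S3ReadPolicy: { BucketName: "reports-*" } },
  ] } },
} };
console.log(auditPolicies(SAMPLE_TEMPLATE).join("\n"));
```

Run it against both the modified template and the <template_filename>_backup copy to see which findings the injection introduced.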