
I have more than 10 lambdas. I am managing the infrastructure using a SAM template.
I have defined Function resources for these lambdas. There are some common permissions required by all of these lambdas (CloudWatch, X-Ray). Each lambda also requires its own specific permissions; for example, Lambda1 might require permission for S3 and Lambda2 for Parameter Store.

So, to manage these permissions for the lambdas, I have decided to create an inline policy alongside each Function resource with its specific permissions, and to define a Policy resource with the common permissions for all lambdas and refer to it from each lambda's inline policy.

When defining the separate Policy resource, I am confused about whether to use Type AWS::IAM::Policy or AWS::IAM::ManagedPolicy. What is the difference between the two? Which is useful in my use case?

Also, please suggest how I can refer to this Policy resource in the inline policy of each lambda.

2 Answers


  1. Chosen as BEST ANSWER

    When we define a policy as:

    - AWS::IAM::Policy, it is required to associate it with a user/role.
    - AWS::IAM::ManagedPolicy, it is not required to do so.


  2. AWS::IAM::ManagedPolicy is managed and provided by AWS, and AWS::IAM::Policy is something you create.

    For example, there is a ManagedPolicy named AmazonSSMManagedInstanceCore,
    which is an AWS managed policy that is readily available for use. Likewise, there are a number of ManagedPolicies for common use cases provided by AWS.
