Altostra Docs

    Attach a custom policy to a Function

    Functions that require access to other resources need to have policies attached that grant them permissions to access the required resources. For most cases, this is done automatically by Altostra when you create a connection between resources.

    If, however, you need to grant a Function access to a resource outside of your Altostra project, or if you need to grant your Function a custom policy, then you need to attach a custom policy to that function. The attached policy, or policies, will be added to the other policies generated for that function.

    Keep in mind that the resources you add using the Custom Resources resource are not checked by Altostra for validity. This resource is meant to help you extend your needs beyond what is currently supported by Altostra, but at your own risk. Please feel free to submit a feature request if you find yourself using this resource.

    Attach custom policies to a Function

    1. Open the project in Visual Studio Code.
    2. Edit the Function to which you wish to attach custom policies.
    3. Expand the Policies section:
      The displayed text is an example of a possible policy definition.
    4. Enter your custom policies in the policy text field.
    5. Click SAVE to finish editing the function.

    Acceptable policy formats

    You can use any one of the following three formats to define your policies:

    A comma-separated list of policy names

    read-write-files-policy, read-only-database-policy
    

    IMPORTANT: For this to work, the policy names you enter must already exist on the account to which you will deploy the project. Please refer to Manage Environments for more information about accounts and environments.

    A policy document

    Enter a custom policy in JSON format that adheres to the AWS IAM policy format. See Grammar of the IAM JSON Policy Language for more information.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:ListBucket",
            "s3:ListBucketVersions"
          ],
          "Resource": [
            "arn:aws:s3:::your-bucket-name"
          ]
        }
      ]
    }
    

    A list of policy documents and policy names

    You can mix both formats by specifying a JSON array. The items of the array can be predefined policy names and custom policy objects.

    [
      "read-write-files-policy",
      "read-only-database-policy",
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "s3:ListBucket",
              "s3:ListBucketVersions"
            ],
              "Resource": [
                "arn:aws:s3:::your-bucket-name"
              ]
          }
        ]
      }
    ]
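
    One way to check a policy entry before saving it, as an added example that is not Altostra's own code: it parses the three formats described above and flags wildcard grants and S3 bucket-level actions paired with object ARNs. The function names, the BUCKET_LEVEL list and the sample input are assumptions made for illustration.

```python
import json

# S3 actions evaluated against a bucket ARN, not object ARNs (partial, illustrative list)
BUCKET_LEVEL = {"s3:ListBucket", "s3:ListBucketVersions", "s3:GetBucketLocation"}

def parse_policies(text):
    """Return (names, documents) from any of the three accepted formats."""
    text = text.strip()
    if text.startswith("{"):            # a single policy document
        items = [json.loads(text)]
    elif text.startswith("["):          # JSON array mixing names and documents
        items = json.loads(text)
    else:                               # comma-separated list of policy names
        items = [n.strip() for n in text.split(",") if n.strip()]
    names = [i for i in items if isinstance(i, str)]
    docs = [i for i in items if isinstance(i, dict)]
    if len(names) + len(docs) != len(items):
        raise ValueError("items must be policy names or policy objects")
    return names, docs

def as_list(value):
    # IAM allows a single string wherever a list of strings is accepted
    return value if isinstance(value, list) else [value]

def lint(doc):
    """Return (statement index, finding) pairs for the Allow statements of one document."""
    findings = []
    for idx, st in enumerate(as_list(doc.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        actions = as_list(st.get("Action", []))
        resources = as_list(st.get("Resource", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((idx, "wildcard action"))
        if "*" in resources:
            findings.append((idx, "resource is *"))
        for r in resources:
            if r.startswith("arn:aws:s3:::") and "/" in r and BUCKET_LEVEL & set(actions):
                findings.append((idx, "bucket-level S3 action on object ARN " + r))
    return findings

# Constructed sample in the mixed-array format; policy name and bucket are placeholders.
SAMPLE = '''["read-only-database-policy", {"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
   "Resource": ["arn:aws:s3:::your-bucket-name/*"]},
  {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}]'''

def check(text):
    names, docs = parse_policies(text)
    return names, [f for d in docs for f in lint(d)]
```

    Policy names cannot be verified offline; they still have to exist on the target account at deploy time.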
    
    © 2021 Altostra, Inc.