Altostra Docs

    ›How To

    Getting Started

    • Overview
    • Connect your accounts
    • Install the developer tools
    • Log in from the CLI

    Tutorials

    • Create a Static Website

    How To

    • Manage environments
    • Manage configuration sets
    • Create a new project
    • Deploy an Altostra Project
    • Configure log shipping
    • Grant access to vendor services
    • Use the Parameter Store
    • Use a custom CloudFormation resource
    • Attach a custom policy to a Function

    CLI

    • Altostra CLI
    • Commands

      • compile
      • config
      • console
      • deploy
      • deployments
      • images
      • init
      • templates
      • local run
      • login
      • logout
      • push
      • whoami

      Options

      • --debug
      • --verbose
    • Configuration files

    Errors And Solutions

    • Autnentication Required

    Technical Reference

    • Blueprint
    • Project image
    • Environments
    • Configuration sets
    • Image Repository
    • Log Shipping

    Attach a custom policy to a Function

    Functions that require access to other resources need to have policies attached that grant them permissions to access the required resources. For most cases, this is done automatically by Altostra when you create a connection between resources.

    If, however, you need to grant a Function access to a resource outside of your Altostra project, or if you need to grant your Function a custom policy, then you need to attach a custom policy to that function. The attached policy, or policies, will be added to the other policies generated for that function.

    Keep in mind that the resources you add using the Custom Resources resource are not checked by Altostra for validity. This resource is meant to help you extend your needs beyond what is currently supported by Altostra, but at your own risk. Please feel free to submit a feature request if you find yourself using this resource.

    Attach custom policies to a Function

    1. Open the project in Visual Studio Code.
    2. Edit the Function to which you wish to attach custom policies.
    3. Expand the Policies section:
      Expand policy
      The displayed text is an example of a possible policy definition.
    4. Enter your custom policies in the policy text field.
    5. Click SAVE to finish editing the function.

    Acceptable policy formats

    You can use either one of the following three formats to define your policies:

    A comma separated list of policy names

    read-write-files-policy, read-only-database-policy
    

    IMPORTANT: For this to work, the policy names you enter must already exist on the account to which you will deploy the project. Please refer to Manage Enviroments for more information about accounts and environments.

    A policy document

    Enter a custom policy in JSON format that adheres to the AWS IAM policy format. See Grammar of the IAM JSON Policy Language for more information.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:ListBucket",
            "s3:ListBucketVersions"
          ],
          "Resource": [
            "arn:aws:s3:::*/*"
          ]
        }
      ]
    }
    

    A list of policy documents and policy names

    You can mix both formats by specifying a JSON array. The items of the array can be predefined policy names and custom policy objects.

    [
      "read-write-files-policy",
      "read-only-database-policy",
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "s3:ListBucket",
              "s3:ListBucketVersions"
            ],
            "Resource": [
              "arn:aws:s3:::*/*"
            ]
          }
        ]
      }
    ]
    
    ← Use a custom CloudFormation resourceAltostra CLI →
    • Attach custom policies to a Function
    • Acceptable policy formats
      • A comma separated list of policy names
      • A policy document
      • A list of policy documents and policy names
    © 2020 Altostra, Inc.