AWS::Serverless::Connector - AWS Serverless Application Model

AWS::Serverless::Connector

Enables permissions between two resources. For an introduction to connectors, see Managing resource permissions with AWS SAM connectors.

For more information on generated AWS CloudFormation resources, see AWS CloudFormation resources generated when you specify AWS::Serverless::Connector.

Syntax

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

YAML

Type: AWS::Serverless::Connector Properties: Destination: ResourceReference Permissions: List Source: ResourceReference

Properties

Destination

The destination resource.

Type: ResourceReference

Required: Yes

AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

Permissions

The permission type that the source resource is allowed to perform on the destination resource.

Read includes AWS Identity and Access Management (IAM) actions that allow reading data from the resource.

Write inclues IAM actions that allow initiating and writing data to a resource.

Valid values: Read or Write

Type: List

Required: Yes

AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

Source

The source resource.

Type: ResourceReference

Required: Yes

AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

Examples

Basic example 1

The following basic example uses the AWS::Serverless::Connector resource to have an AWS Lambda function read from, and write to an Amazon DynamoDB table.

For Source and Destination, you must provide either the Id of the resource or a combination of other properties. For more information, see AWS SAM connector reference.

YAML

MyConnector: Type: AWS::Serverless::Connector Properties: Source: Id: MyFunction Destination: Id: MyTable Permissions: - Read - Write

Basic example 2

The following example uses the AWS::Serverless::Connector resource to have a Lambda function write to an Amazon SNS topic, with both resources in the same template.

YAML

MyConnector: Type: AWS::Serverless::Connector Properties: Source: Id: MyLambda Destination: Id: MySNSTopic Permissions: - Write

Basic example 3

The following example uses the AWS::Serverless::Connector resource to have a Lambda function write to an Amazon SQS topic, with both resources in the same template.

YAML

MyConnector: Type: AWS::Serverless::Connector Properties: Source: Id: MyLambda Destination: Id: MySQSQueue Permissions: - Write

Multiple functions example

The following example uses the AWS::Serverless::Connector resource to have an Amazon SNS topic write to a Lambda function, which then writes to an Amazon DynamoDB table, with all resources in the same template.

YAML

Transform: AWS::Serverless-2016-10-31 Resources: Topic: Type: AWS::SNS::Topic Properties: Subscription: - Endpoint: !GetAtt Function.Arn Protocol: lambda Function: Type: AWS::Serverless::Function Properties: Runtime: nodejs16.x Handler: index.handler InlineCode: | const AWS = require('aws-sdk'); exports.handler = async (event, context) => { const docClient = new AWS.DynamoDB.DocumentClient(); await docClient.put({ TableName: process.env.TABLE_NAME, Item: { id: context.awsRequestId, event: JSON.stringify(event) } }).promise(); }; Environment: Variables: TABLE_NAME: !Ref Table Table: Type: AWS::Serverless::SimpleTable TopicToFunctionConnector: Type: AWS::Serverless::Connector Properties: Source: Id: Topic Destination: Id: Function Permissions: - Write FunctionToTableConnector: Type: AWS::Serverless::Connector Properties: Source: Id: Function Destination: Id: Table Permissions: - Write

Transformed AWS CloudFormation template

The following is the transformed AWS CloudFormation template from the example above.

YAML

"FunctionToTableConnectorPolicy": { "Type": "AWS::IAM::ManagedPolicy", "Metadata": { "aws:sam:connectors": { "FunctionToTableConnector": { "Source": { "Type": "AWS::Lambda::Function" }, "Destination": { "Type": "AWS::DynamoDB::Table" } } } }, "Properties": { "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem", "dynamodb:PartiQLDelete", "dynamodb:PartiQLInsert", "dynamodb:PartiQLUpdate" ], "Resource": [ { "Fn::GetAtt": [ "MyTable", "Arn" ] }, { "Fn::Sub": [ "${DestinationArn}/index/*", { "DestinationArn": { "Fn::GetAtt": [ "MyTable", "Arn" ] } } ] } ] } ] }, "Roles": [ { "Ref": "MyFunctionRole" } ] } }