I’m using AWS Elastic Transcoder, which is not available in their Govcloud region. When elastic transcoder completes, it sends the job to a Lambda function in us-east-1 that I’m managing with serverless. Ideally, I would like to move the file I generate with Elastic Transcoder to govcloud, however, I’m not able to set up access. I have a basic access setup in my serverless.yml that looks like this:
iamRoleStatements: - Effect: "Allow" Action: - "logs:CreateLogGroup" - "logs:CreateLogStream" - "logs:PutLogEvents" Resource: "arn:aws:logs:*:*:*" - Effect: "Allow" Action: - "s3:GetObject" - "s3:PutObject" Resource: "arn:aws:s3:::*" - Effect: "Allow" Action: - "s3:PutObject" Resource: "arn:aws-us-gov:s3:::*"
Basically, just to get this thing working I’d like to grant this lambda access to all of my govcloud buckets and I’ll lock it down from there.
When I go to deploy my Lambda I get an error message.
An error occurred while provisioning your stack: IamRoleLambdaExecution - Partition "aws-us-gov" is not valid for resource "arn:aws-us-gov:s3:::*"..
Any thoughts on how I can accomplish my goal here? Thanks!!