【发布时间】:2020-06-18 18:35:27
【问题描述】:
这就是我授予外部 AWS 账户对我的 lambda 调用权限的方式。
myLambda.grantInvoke(new iam.AccountPrincipal('account_id_b'));
跑cdk部署
基于资源的策略在控制台中具有以下 json
{
"Version": "2012-10-17",
"Id": "default",
"Statement": [
{
"Sid": "generated_Sid",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::account_id_b:root"
},
"Action": "lambda:InvokeFunction",
"Resource": "my_lambda_arn"
}
]
}
我按照https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-cross-account-lambda-integrations.html 此处的步骤创建了可以从 account_id_b 帐户调用此 lambda 的 API 网关。
从 account_id_b 测试 API 网关会产生以下日志:
Fri Mar 06 03:00:07 UTC 2020 : Execution failed due to configuration error: Invalid permissions on Lambda function
Fri Mar 06 03:00:07 UTC 2020 : Method completed with status: 500
我还需要做什么才能正确设置?
【问题讨论】:
标签: amazon-web-services amazon-cloudformation aws-cdk