【Posted】: 2019-11-07 15:58:45
【Problem description】:
I want to use the Serverless Framework to invoke, from another function, a Lambda function that has a custom role. How should I do this? I have granted invoke permission, but it doesn't seem to be enough, because the other function has more permissions, which are granted by its role.
The error I get:
ocr-solution-dev-routes is not authorized to perform:textract:StartDocumentAnalysis",
"errorType":"AccessDeniedException"
My serverless yml:
iamRoleStatements:
  - Effect: "Allow"
    Action:
      - "s3:*"
    Resource: { "Fn::Join": ["", ["arn:aws:s3:::${self:custom.secrets.IMAGE_BUCKET_NAME}", "/*" ] ] }
  - Effect: "Allow"
    Action:
      - lambda:InvokeFunction
      - lambda:InvokeAsync
    Resource: "*"

functions:
  routes:
    handler: src/functions/routes/handler.run
    events:
      - s3:
          bucket: ${self:custom.secrets.IMAGE_BUCKET_NAME}
          event: s3:ObjectCreated:*
  startTextract:
    role: QvaliaTextractRole
    handler: src/functions/routes/handler.startTextAnalysis
  getTextract:
    role: QvaliaTextractRole
    handler: src/functions/routes/handler.detectTextAnalysis

resources:
  Resources:
    QvaliaTextractRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: QvaliaTextractRole
        AssumeRolePolicyDocument:
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - textract.amazonaws.com
                  - lambda.amazonaws.com
              Action:
                - sts:AssumeRole
        Policies:
          - PolicyName: TextractPolicy
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action:
                    - lambda:*
                    - sns:*
                    - sqs:*
                    - s3:*
                  Resource: "*"
                - Effect: "Allow"
                  Action:
                    - "s3:*"
                  Resource: { "Fn::Join": ["", ["arn:aws:s3:::${self:custom.secrets.IMAGE_BUCKET_NAME}", "/*" ] ] }
【Discussion】:
Tags: amazon-web-services aws-lambda amazon-iam serverless-framework aws-serverless
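The AccessDeniedException names the caller as ocr-solution-dev-routes, i.e. the `routes` function, whose execution role is built from the provider-level `iamRoleStatements` and contains no `textract:` action at all; `QvaliaTextractRole` does not apply to `routes`, and its TextractPolicy also lists no `textract:` action, so neither role as posted can call StartDocumentAnalysis. The configuration below is an added example, not the question's own serverless.yml. It assumes the Textract call lives in `startTextract` (the function that runs under `QvaliaTextractRole`), that `routes` only invokes that function, that the deployed function name follows the `${self:service}-${opt:stage}-<function>` pattern visible in the error message (`ocr-solution-dev-routes`), and that the runtime handlers are the ones already declared. Both roles are cut down to the permissions each function actually needs:

```yaml
# Added example (not the question's configuration). Assumes service/stage are
# resolved by the Serverless Framework and that only startTextract and
# getTextract call Textract.
provider:
  name: aws
  iamRoleStatements:
    # routes reads the newly created object from the image bucket, nothing more.
    - Effect: Allow
      Action:
        - s3:GetObject
      Resource: { "Fn::Join": ["", ["arn:aws:s3:::${self:custom.secrets.IMAGE_BUCKET_NAME}", "/*"]] }
    # routes may invoke exactly one function instead of every Lambda ("*") in the account.
    # Built with Fn::Join/Ref rather than a hard-coded region and account id (assumed naming).
    - Effect: Allow
      Action:
        - lambda:InvokeFunction
      Resource:
        Fn::Join:
          - ""
          - - "arn:aws:lambda:"
            - Ref: AWS::Region
            - ":"
            - Ref: AWS::AccountId
            - ":function:${self:service}-${opt:stage, 'dev'}-startTextract"

functions:
  routes:
    handler: src/functions/routes/handler.run
    events:
      - s3:
          bucket: ${self:custom.secrets.IMAGE_BUCKET_NAME}
          event: s3:ObjectCreated:*
  startTextract:
    role: QvaliaTextractRole
    handler: src/functions/routes/handler.startTextAnalysis
  getTextract:
    role: QvaliaTextractRole
    handler: src/functions/routes/handler.detectTextAnalysis

resources:
  Resources:
    QvaliaTextractRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: QvaliaTextractRole
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            # A Lambda execution role only needs to be assumable by the Lambda service.
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action:
                - sts:AssumeRole
        Policies:
          - PolicyName: TextractPolicy
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                # The two Textract calls the handlers make. Textract has no
                # resource-level permissions, so Resource must be "*".
                - Effect: Allow
                  Action:
                    - textract:StartDocumentAnalysis
                    - textract:GetDocumentAnalysis
                  Resource: "*"
                # StartDocumentAnalysis reads the S3 object with the caller's
                # credentials, so the role needs GetObject on the bucket.
                - Effect: Allow
                  Action:
                    - s3:GetObject
                  Resource: { "Fn::Join": ["", ["arn:aws:s3:::${self:custom.secrets.IMAGE_BUCKET_NAME}", "/*"]] }
                # A function with a custom role does not inherit the framework's
                # default logging permissions, so grant them explicitly.
                - Effect: Allow
                  Action:
                    - logs:CreateLogGroup
                    - logs:CreateLogStream
                    - logs:PutLogEvents
                  Resource: "*"
```

Two points worth checking after deploying a configuration like this: a function that declares `role:` gets only that role, so anything the provider-level statements grant (here, invoking Lambda) is no longer available to `startTextract` and `getTextract`, which is the intended split; and if StartDocumentAnalysis is later given a `NotificationChannel`, the role Textract uses to publish to SNS is a separate role trusted by `textract.amazonaws.com`, not the Lambda execution role above.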