【发布时间】:2020-05-22 12:35:38
【问题描述】:
之所以问这个问题是因为我没有看到任何官方文件提到从 AWS Lambda 函数到 FireHose 执行 PutRecord。我想在 Kinesis FireHose 上从 AWS Lambda 执行 PutRecord。我还为我尝试从中进行 PutRecord 的 AWS Lambda 函数提供了适当的 PutRecord 策略。当使用 .Net 2.2 从 AWS Lambda 执行 PutRecord 操作时,我收到以下错误
用户:arn:aws:sts::accountnumber:assumed-role/listener-role/lambda 无权执行:kinesis:PutRecord on resource:arn:aws:kinesis:us-west-1:accountnumber:assumed :stream/firehose-stream
我的政策如下
{
"permissionsBoundary": {},
"roleName": "listener-role",
"policies": [
{
"document": {
"Version": "2012-10-17",
"Statement": [
{....},
{
"Effect": "Allow",
"Action": [
"firehose:PutRecord",
"firehose:PutRecordBatch"
],
"Resource": [
"*"
]
}
]
},
"name": "policy",
"type": "inline"
}
],
"trustedEntities": [
"lambda.amazonaws.com"
]
}
.Net 被截断以在 Kinesis FireHose 上记录
_kinesisClient 是 AmazonKinesisClient
MemoryStream recordStream = new MemoryStream();
IFormatter formatter = new BinaryFormatter();
formatter.Serialize(recordStream, data);
var request = new PutRecordRequest
{
PartitionKey = Guid.NewGuid().ToString(),
Data = recordStream,
StreamName = Environment.GetEnvironmentVariable("KinesisStream")
};
await _kinesisClient.PutRecordAsync(request);
【问题讨论】:
标签: amazon-web-services aws-lambda amazon-iam amazon-kinesis amazon-kinesis-firehose