当我将我的lambda执行角色的IAM策略设置为:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"lambda:GetFunction"
],
"Resource": [
"*"
],
"Effect": "Allow"
}
]
}
我收到此错误:
[AccessDeniedException: User:
arn:aws:sts::xxx:assumed-role/supercoolsoftware-dev-us-west-2-lambdaRole/supercoolsoftware-dev-addEmail
is not authorized to perform:
lambda:GetFunction on resource:
arn:aws:lambda:us-west-2:xxx:function:supercoolsoftware-dev-dailyEmail]
但是,当我将策略设置为:
时{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"lambda:*"
],
"Resource": [
"*"
],
"Effect": "Allow"
}
]
}
错误消失了......我还需要添加什么?
答案 0 :(得分:9)
想出来。显然,SDK也使用“lambda:GetFunctionConfiguration”。一旦我把它包括在内就完成了。
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"lambda:GetFunction",
"lambda:GetFunctionConfiguration"
],
"Resource": [
"*"
],
"Effect": "Allow"
}
]
}
答案 1 :(得分:2)
对于在alexa.design/cli教程之后出现此错误的任何人,
ASK_CLI_USER is not authorized to perform: lambda:GetFunction on resource
我的问题不是" lambda:GetFunctionConfiguration"而是由于"询问 - "而是它下面的资源线。前缀:
"Resource": "arn:aws:lambda:*:*:function:ask-*"
将其更改为此解决了我的问题:
"Resource": "arn:aws:lambda:*:*:function:*"