Question

Aws lambda和CLI都返回“InternalServerErrorException：调用UpdateThreatIntelSet操作时发生错误（InternalServerErrorException）：请求被拒绝，因为调用者无权调用此API。” IAM策略已设置为允许Admin操作和Trusted实体设置为s3，lambda，guardduty，Apigateway。我一直在寻找几天为什么它一直在给我拒绝，我已经明确允许一切。任何建议或帮助非常感谢。下面是代码片段和lambda的拒绝

from __future__ import print_function
import boto3


detector_id = 'abcdefghijklmnop12345'
threatIntelSetIds = 'abcdefghijklmnop12345'
mal_ip = '10.0.0.0'


#update threatIntelsetId based on the malicious_ip addresses.
def update_threatList(threatIntelSetIds, mal_ip):
client = boto3.client('guardduty')
response = client.update_threat_intel_set(
    Activate=True,
    DetectorId=detector_id,
    ThreatIntelSetId=threatIntelSetIds
)

def lambda_handler(event, context):
    update_threatList(threatIntelSetIds, mal_ip)

here is the rejection IAM policy Trusted entities

Answer 1

如评论中所述，此令人困惑的错误消息（可能是我使用Terraform资源管理GuardDuty再现的）的可能原因是S3位置不存在。

aws lambda返回AccessDeniedException（调用者无权调用API）调用Guardduty updatethreatintelset

1 个答案: