创建AWS Lambda函数时使用现有IAM角色

时间:2018-08-21 15:11:20

标签: amazon-web-services aws-lambda amazon-cloudformation

我正在使用CloudFormation创建lambda函数。大多数文档假定该角色将在模板中创建。有没有办法指定通过控制台说已经创建的角色?这个问题解决了一个类似的问题,但是对于EC2实例创建:Associate existing IAM role with EC2 instance in CloudFormation

我正在寻找类似的东西

 "LambdaFunction": {
            "Type": "AWS::Lambda::Function",
            "Properties": {
                "FunctionName": "My Function"
                "Runtime": "netcoreapp2.0",
                "Handler": "handler.location",
                "Role": "Existing_Role"

3 个答案:

答案 0 :(得分:2)

如果您参考云形成文档,

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html

您可以找到Role属性来替换您的角色。

它需要arn格式,而不仅仅是角色名称。

arn:aws:iam :: 554668579590:role / ProdAdmin 

"FunctionName": {
  "Type": "AWS::Lambda::Function",
  "Properties": {
    "Handler": "index.handler",
    "Role": "arn:aws:iam::AccountID:role/RoleName",
    "Code": {
      "S3Bucket": "lambda-functions",
      "S3Key": "amilookup.zip"
    },
    "Runtime": "nodejs4.3",
    "Timeout": 25,
    "TracingConfig": {
      "Mode": "Active"
   }
  }
}

答案 1 :(得分:0)

要在具有CloudFormation StackSet的多个帐户上运行,请使用Fn :: Sub替换变量-在这种情况下,使用帐户ID:

"FunctionName": {
  "Type": "AWS::Lambda::Function",
  "Properties": {
    "Handler": "index.handler",
    "Role": { "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:role/RoleName" },
    "Code": {
      "S3Bucket": "lambda-functions",
      "S3Key": "amilookup.zip"
    },
    "Runtime": "nodejs4.3",
    "Timeout": 25,
    "TracingConfig": {
      "Mode": "Active"
   }
  }
}

答案 2 :(得分:0)

这有效 "Role": { "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:role/RoleName" },

相关问题
最新问题