我尝试授予我的lambda函数访问Cognito的权限,并使用我的serverless.yml文件中的以下代码来调用另一个lambda函数。 代码:
# NOTE: update this with your service name
service: xxxx
# Use the serverless-webpack plugin to transpile ES6
plugins:
- serverless-webpack
- serverless-offline
# serverless-webpack configuration
# Enable auto-packing of external modules
custom:
webpack:
webpackConfig: ./webpack.config.js
includeModules: true
provider:
name: aws
runtime: nodejs8.10
stage: dev
region: ap-south-1
environment:
MYSQLHOST: 'xxxx'
MYSQLPORT: 'xxxx'
MYSQLUSER: 'xxxx'
MYSQLPASS: 'xxxx'
MYSQLDATABASE: 'xxxx'
USERPOOLID: 'xxxx'
USERPOOLREGION: 'xxxx'
# To load environment variables externally
# rename env.example to env.yml and uncomment
# the following line. Also, make sure to not
# commit your env.yml.
#
#environment: ${file(env.yml):${self:provider.stage}}
Version: "2012-10-17"
iamRoleStatements:
- Effect: "Allow"
Action:
-cognito-identity:*
-cognito-sync:*
-cognito-idp:*
-lambda:*
Resource:
-"*"
functions:
# Defines an HTTP API endpoint that calls the main function in create.js
# - path: url path is /notes
# - method: POST request
# - cors: enabled CORS (Cross-Origin Resource Sharing) for browser cross
# domain api call
# - authorizer: authenticate using the AWS IAM role
createUser:
handler: createUser.main
events:
- http:
path: users/create
method: post
cors: true
authorizer: aws_iam
getUsers:
handler: getUsers.main
events:
- http:
path: getUsers
method: get
cors: true
authorizer: aws_iam
当我添加dynamodb的权限时,这些权限已添加到我的lambda角色中。但是,认知权限并没有附加到该角色。
无服务器框架,根据yml文件自行处理角色的创建。 创建角色后,我可以通过AWS控制台添加策略。 但是,即使指定后,框架也不会创建它们。