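Cognito permissions for Lambda functions using the Serverless Framework

Time: 2019-02-20 03:31:07

Tags: permissions aws-lambda amazon-cognito serverless-framework

I am trying to give my Lambda function permission to access Cognito and to invoke another Lambda function, using the following code in my serverless.yml file. Code: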

# NOTE: update this with your service name
service: xxxx

# Use the serverless-webpack plugin to transpile ES6
plugins:
  - serverless-webpack
  - serverless-offline

# serverless-webpack configuration
# Enable auto-packing of external modules
custom:
  webpack:
    webpackConfig: ./webpack.config.js
    includeModules: true

provider:
  name: aws
  runtime: nodejs8.10
  stage: dev
  region: ap-south-1

  environment:
    MYSQLHOST: 'xxxx'
    MYSQLPORT: 'xxxx'
    MYSQLUSER: 'xxxx'
    MYSQLPASS: 'xxxx'
    MYSQLDATABASE: 'xxxx'
    USERPOOLID: 'xxxx'
    USERPOOLREGION: 'xxxx'
  # To load environment variables externally
  # rename env.example to env.yml and uncomment
  # the following line. Also, make sure to not
  # commit your env.yml.
  #
  #environment: ${file(env.yml):${self:provider.stage}}
Version: "2012-10-17"

iamRoleStatements:
  - Effect: "Allow"
    Action:
      -cognito-identity:*
      -cognito-sync:*
      -cognito-idp:*
      -lambda:*
    Resource:
      -"*"


functions:
  # Defines an HTTP API endpoint that calls the main function in create.js
  # - path: url path is /notes
  # - method: POST request
  # - cors: enabled CORS (Cross-Origin Resource Sharing) for browser cross
  #     domain api call
  # - authorizer: authenticate using the AWS IAM role

  createUser:
    handler: createUser.main
    events:
      - http:
          path: users/create
          method: post
          cors: true
          authorizer: aws_iam

  getUsers:
    handler: getUsers.main
    events:
      - http:
          path: getUsers
          method: get
          cors: true
          authorizer: aws_iam

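When I added permissions for DynamoDB, those permissions were added to my Lambda role. However, the Cognito permissions are not attached to the role.

The Serverless Framework handles creating the role itself, based on the yml file. After the role is created, I can add policies through the AWS console. However, the framework does not create them even when they are specified.

0 answers:

No answers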
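
An added example, not part of the original post: the same kind of statement nested under `provider`, which is where the Serverless Framework reads `iamRoleStatements`, with a space after each list dash and the `*` wildcards narrowed to specific actions and resources. The chosen Cognito actions, the account ID, the user pool ID and the target function name are placeholder assumptions.

```yaml
# Added example; values marked "placeholder" are assumptions, not from the post.
provider:
  name: aws
  runtime: nodejs8.10
  stage: dev
  region: ap-south-1

  # iamRoleStatements is a provider-level key. Left at the top level of
  # serverless.yml, it is not applied to the Lambda role the framework generates.
  # (Later framework releases also accept provider.iam.role.statements.)
  # No "Version" key is needed here: the framework wraps these statements
  # in the policy document itself.
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        # YAML list items need a space after the dash. Without it,
        # "-cognito-idp:*" is read as plain text, not as a list entry.
        - cognito-idp:AdminCreateUser   # assumed need of createUser
        - cognito-idp:ListUsers         # assumed need of getUsers
      Resource:
        # Placeholder user pool ARN
        - "arn:aws:cognito-idp:ap-south-1:123456789012:userpool/ap-south-1_EXAMPLE"

    - Effect: "Allow"
      Action:
        - lambda:InvokeFunction
      Resource:
        # Placeholder ARN; the framework names functions <service>-<stage>-<function>
        - "arn:aws:lambda:ap-south-1:123456789012:function:xxxx-dev-getUsers"
```

Running `serverless package` and inspecting the generated CloudFormation template under `.serverless/` shows whether the statements reached the role's policy before anything is deployed.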