由于配置错误,执行失败:Lambda函数-YAML文件的权限无效

时间:2019-07-08 23:33:02

标签: amazon-web-services aws-lambda yaml api-gateway

伙计们,所以我试图创建一个使用lambda的API网关,但是我遇到了无效的权限问题。我已经在网上找到了一些信息,但是还无法弄清楚。这是我的yaml文件中的一些相关信息:

ApiGatewayUploadImageMethod:
Type: AWS::ApiGateway::Method
Properties:
  ApiKeyRequired: false
  AuthorizationType: NONE
  HttpMethod: "POST"
  OperationName: "uploadImage"
  ResourceId: !Ref ImagesApiResource
  RestApiId: !Ref ImagesApiGateway
  Integration:
    ConnectionType: INTERNET
    Credentials: !GetAtt LambdaRole.Arn
    IntegrationHttpMethod: POST
    PassthroughBehavior: WHEN_NO_MATCH
    TimeoutInMillis: 29000
    Type: AWS_PROXY
    Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${myLambdaFunction.Arn}/invocations'


LambdaRole:
Type: AWS::IAM::Role
Properties:
  ManagedPolicyArns:
    - Ref: LogPolicy
    - Ref: LambdaPolicy
  AssumeRolePolicyDocument:
    Version: 2012-10-17
    Statement:
      - Effect: Allow
        Action:
          - sts:AssumeRole
        Principal:
          Service:
            - appsync.amazonaws.com
            - apigateway.amazonaws.com
            - lambda.amazonaws.com


LambdaPolicy:
Type: AWS::IAM::ManagedPolicy
Properties:
  PolicyDocument:
    Version: 2012-10-17
    Statement:
      - Effect: Allow
        Action:
          - lambda:*
        Resource:
          - !GetAtt MyLambdaFunction.Arn
          - !Sub ${MyLambdaFunction.Arn}:*

MyLambdaFunction:
Type: AWS::Serverless::Function
Properties:
  CodeUri: src/project-images
  Handler: post.handler
  Role: !GetAtt XrS3Role.Arn
  Runtime: nodejs10.x
  Timeout: 60

在ApiGateway:Method文档下,它指定了L Use the AWS::Lambda::Permission resource to grant API Gateway permission to invoke your Lambda function.,所以我认为罪魁祸首是:

LambdaPermission:
Type: AWS::Lambda::Permission
Properties:
  Action: lambda:InvokeFunction
  FunctionName: !Ref MyLambdaFunction
  Principal: apigateway.amazonaws.com

我见过网上有人添加sourcerArn,但不确定使用哪种格式。我也了解到sourceArn仅用于限制对所提供服务的访问。我的lambda许可是否缺少任何内容?还是还有其他我想念或做错的事情?

我还应该提到我一直在使用HTTPie测试我的API网关。我从那里收到500错误,并且在检查API网关日志时看到无效的Lambda权限错误。

预先感谢您的帮助!

编辑:我添加了lambda代码。我尝试使用AWS :: Lambda :: Function,但它给了我同样的错误。

0 个答案:

没有答案
相关问题
最新问题