Question

我有一个通过serverless-framework运行的节点应用程序。

应用程序将消息写入SQS，代码为

const AWS = require('aws-sdk');
const config = require('../../configs/constants').config;

const sqs = new AWS.SQS({apiVersion: '2012-11-05'});

module.exports.sendMessage = (service, message) => {
    const params = {
        MessageBody: JSON.stringify(message),
        QueueUrl: config.SQS_QUEUE_URL_ANALYTICS
    };

    return new Promise((resolve, reject) => {
        sqs.sendMessage(params, (err, data) => {
            if (err) {
                console.error('Error creating SQS Message: ', err);
                reject(err);
            } else {
                console.log('SQS Message created successfully: ', data);
                resolve(data);
            }
        });
    });
};

授予用户的权限是

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "sqs:ListQueues",
                "sqs:*"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "sqs:*",
            "Resource": "arn:aws:sqs:ap-south-1:881210447458:Staging-Analytics-Log-Data-Process"
        }
    ]
}

当执行lambda函数时，会出现错误

ERROR Error creating SQS Message: { AccessDenied: Access to the resource https://sqs.ap-south-1.amazonaws.com/ is denied.

要运行SQS，还需要其他哪些凭据？

Answer 1

不确定通配符是否缺少您的权限，但是从您发布的代码中，您只需要具有发送消息的权限即可。

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "sqs:SendMessage"
            ],
            "Resource": "arn:aws:sqs:ap-south-1:881210447458:Staging-Analytics-Log-Data-Process"
        }
    ]
}

Answer 2

要将邮件从AWS Lambda发送到SQS，您需要附加到Lambda的IM角色才能将消息发送到SQS。因为在AWS中，您需要访问其他服务资源的权限：

创建具有SQS权限或所需访问权限的IM ROLE
在开始创建Lambda函数时分配创建的IM角色
在“权限”标签上查看为lambda分配的权限

无服务器Lambda SQS访问被拒绝错误

2 个答案: