这是我向外部AWS帐户授予对lambda的调用权限的方式。
myLambda.grantInvoke(new iam.AccountPrincipal('account_id_b'));
Ran cdk部署
基于资源的策略在控制台中显示以下json
{
"Version": "2012-10-17",
"Id": "default",
"Statement": [
{
"Sid": "generated_Sid",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::account_id_b:root"
},
"Action": "lambda:InvokeFunction",
"Resource": "my_lambda_arn"
}
]
}
我在这里https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-cross-account-lambda-integrations.html遵循了步骤,以创建可以从account_id_b帐户调用此lambda的API网关。
从account_id_b测试API网关会生成以下日志:
Fri Mar 06 03:00:07 UTC 2020 : Execution failed due to configuration error: Invalid permissions on Lambda function
Fri Mar 06 03:00:07 UTC 2020 : Method completed with status: 500
我还需要做些什么来正确设置它?
答案 0 :(得分:0)
该政策应采用以下形式:
public class MyReceiver extends BroadcastReceiver {
@Override
public void onReceive(Context context, Intent intent) {
Toast.makeText(context, "BUTTON clicked", Toast.LENGTH_SHORT).show();
}
}
基本上,这里您授予api网关服务的权限来调用您的函数。该api可以使用与您的函数不同的帐户。
为了进行测试和简化,您可以摆脱{
"Version": "2012-10-17",
"Id": "default",
"Statement": [
{
"Sid": "what-ever-sid",
"Effect": "Allow",
"Principal": {
"Service": "apigateway.amazonaws.com"
},
"Action": "lambda:InvokeFunction",
"Resource": "my_lambda_arn",
"Condition": {
"ArnLike": {
"AWS:SourceArn": "api_gateway_arn"
}
}
}
]
}
。
希望这会有所帮助。