当我尝试查看Lambda函数时,在控制台上出现此错误:
这是我的用户帐户所属的用户组的策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudformation:Describe*",
"cloudformation:List*",
"cloudformation:Get*",
"cloudformation:CreateStack",
"cloudformation:UpdateStack",
"cloudformation:DeleteStack"
],
"Resource": "arn:aws:cloudformation:sa-east-1:XXXXXXX:stack/notification-service*/*"
},
{
"Effect": "Allow",
"Action": [
"cloudformation:ValidateTemplate"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:Get*",
"s3:List*",
"s3:GetEncryptionConfiguration",
"s3:PutEncryptionConfiguration",
"s3:PutBucketPolicy"
],
"Resource": [
"arn:aws:s3:::notification-service*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::notification-service*/*"
]
},
{
"Effect": "Allow",
"Action": [
"logs:DescribeLogGroups"
],
"Resource": "arn:aws:logs:sa-east-1:XXXXXXX:log-group::log-stream:*"
},
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DeleteLogGroup",
"logs:DeleteLogStream",
"logs:DescribeLogStreams",
"logs:FilterLogEvents"
],
"Resource": "arn:aws:logs:sa-east-1:XXXXXXX:log-group:/aws/lambda/notification-service*:log-stream:*",
"Effect": "Allow"
},
{
"Effect": "Allow",
"Action": [
"lambda:GetFunction",
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:UpdateFunctionConfiguration",
"lambda:UpdateFunctionCode",
"lambda:ListVersionsByFunction",
"lambda:PublishVersion",
"lambda:CreateAlias",
"lambda:DeleteAlias",
"lambda:UpdateAlias",
"lambda:GetFunctionConfiguration",
"lambda:AddPermission",
"lambda:RemovePermission",
"lambda:InvokeFunction"
],
"Resource": [
"arn:aws:lambda:*:XXXXXXX:function:notification-service*"
]
},
{
"Effect": "Allow",
"Action": [
"iam:GetRole",
"iam:PassRole",
"iam:CreateRole",
"iam:DeleteRole",
"iam:DetachRolePolicy",
"iam:PutRolePolicy",
"iam:AttachRolePolicy",
"iam:DeleteRolePolicy"
],
"Resource": [
"arn:aws:iam::XXXXXXX:role/notification-service*-lambdaRole"
]
},
{
"Effect": "Allow",
"Action": [
"events:Put*",
"events:Remove*",
"events:Delete*",
"events:Describe*"
],
"Resource": "arn:aws:events::XXXXXXX:rule/notification-service*"
},
{
"Effect": "Allow",
"Action": [
"sns:GetTopicAttributes",
"sns:CreateTopic",
"sns:Publish",
"sns:Subscribe",
"sns:DeleteTopic",
"sns:ListSubscriptions",
"sns:ListPlatformApplications",
"sns:ListTopics",
"sns:ListTagsForResource"
],
"Resource": [
"arn:aws:sns:sa-east-1:XXXXXXX:*"
]
},
{
"Effect": "Allow",
"Action": [
"apigateway:GET",
"apigateway:PATCH",
"apigateway:POST",
"apigateway:PUT",
"apigateway:DELETE"
],
"Resource": [
"arn:aws:apigateway:sa-east-1::/restapis",
"arn:aws:apigateway:sa-east-1::/restapis/*"
]
},
{
"Effect": "Allow",
"Action": [
"lambda:ListFunctions"
],
"Resource": [
"arn:aws:lambda:sa-east-1:XXXXXXX:*:*"
]
},
{
"Effect": "Allow",
"Action": [
"lambda:GetAccountSettings"
],
"Resource": [
"arn:aws:lambda:sa-east-1:XXXXXXX:*:*"
]
}
]
}
有什么想法吗?我应该从哪里开始排查?
编辑:我在JSON的末尾添加了下面这条语句,我原以为它能让我看到Lambda函数:
"Effect": "Allow",
"Action": [
"lambda:ListFunctions"
],
"Resource": [
"arn:aws:lambda:sa-east-1:XXXXXXX:*:*"
]
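但是不起作用。(注:lambda:ListFunctions 和 lambda:GetAccountSettings 不支持资源级权限,这类操作的 Resource 只有写成 "*" 才会生效;带有函数 ARN 模式的 Resource 不会匹配这些操作。)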