
Use AWS Lambda to access S3 using only Roles

I have a Lambda function written in Java and I want it to access S3 (putObject).

I do not want to use or store credentials in my Lambda function in order to access S3. Instead, I would like to use IAM roles.

How can I code an AWS S3 client inside my Java code (that would be run by Lambda) that won't need any credentials and assumes that the Lambda has the appropriate Role?

You don't need to store credentials in your Lambda functions. All functions run with a role - the role you set when you created the function. Since the Lambda function has a role, you can add or remove permissions from this role as needed, without changing the function itself.

Manage Permissions: Using an IAM Role (Execution Role)

Each Lambda function has an IAM role (execution role) associated with it. You specify the IAM role when you create your Lambda function. Permissions you grant to this role determine what AWS Lambda can do when it assumes the role. There are two types of permissions that you grant to the IAM role:

If your Lambda function code accesses other AWS resources, such as to read an object from an S3 bucket or write logs to CloudWatch Logs, you need to grant permissions for relevant Amazon S3 and CloudWatch actions to the role. If the event source is stream-based (Amazon Kinesis Streams and DynamoDB streams), AWS Lambda polls these streams on your behalf. AWS Lambda needs permissions to poll the stream and read new records on the stream so you need to grant the relevant permissions to this role.

http://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html
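To show what the answer above means in code, here is an added example (not from the original post or from AWS) of a Java handler that calls putObject with no credentials in the source: the SDK's default provider chain picks up the temporary session credentials the Lambda runtime injects for the execution role. It assumes the aws-lambda-java-core library and AWS SDK for Java v2; the bucket name, the environment variable TARGET_BUCKET, and the class name are placeholders.

```java
// Added example, not from the original post. No credentials appear here: the
// SDK's default provider chain reads the temporary role credentials the Lambda
// runtime exposes (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN).
// Assumed dependencies: aws-lambda-java-core and AWS SDK for Java v2 (s3 module).
//
// Least-privilege policy to attach to the execution role (bucket is a placeholder):
//   {
//     "Version": "2012-10-17",
//     "Statement": [{
//       "Effect": "Allow",
//       "Action": "s3:PutObject",
//       "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/uploads/*"
//     }]
//   }
import java.util.Map;
import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;
import software.amazon.awssdk.core.sync.RequestBody;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.PutObjectRequest;
import software.amazon.awssdk.services.s3.model.PutObjectResponse;
import software.amazon.awssdk.services.s3.model.ServerSideEncryption;

public class RolePutObjectHandler implements RequestHandler<Map<String, String>, String> {

    // Built once per container; region comes from the AWS_REGION variable Lambda sets.
    private static final S3Client S3 = S3Client.create();

    // Bucket comes from configuration rather than being hard-coded (placeholder default).
    private static final String BUCKET =
            System.getenv().getOrDefault("TARGET_BUCKET", "EXAMPLE-BUCKET");

    @Override
    public String handleRequest(Map<String, String> event, Context context) {
        String body = event.getOrDefault("body", "");
        // Key is derived from the request id, so the caller cannot choose the object path.
        String key = "uploads/" + context.getAwsRequestId() + ".txt";

        PutObjectRequest request = PutObjectRequest.builder()
                .bucket(BUCKET)
                .key(key)
                .serverSideEncryption(ServerSideEncryption.AES256) // encrypt at rest
                .build();

        PutObjectResponse response = S3.putObject(request, RequestBody.fromString(body));
        context.getLogger().log("wrote s3://" + BUCKET + "/" + key + " etag=" + response.eTag());
        return key;
    }
}
```

If the role lacks s3:PutObject on that prefix, the call fails with an AccessDenied error, which is the behaviour to expect when the policy is tightened without redeploying the function.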
