AWS-CDK的跨栈Lambda和API网关权限
[英]Cross-Stack Lambda and API Gateway Permissions with AWS-CDK
问题描述
I have two code bases. 
我有两个代码库。 One defines a service (Service A) that includes an AWS lambda which queries a dynamoDB table. 一个定义了一种服务(服务A),其中包括一个查询dynamoDB表的AWS lambda。
Another, defines an aggregating API Gateway which needs to call multiple service lambdas. 另一个定义了一个聚合API网关,该网关需要调用多个服务lambda。
The API Gateway imports the lambda defined in service A using a cross stack reference and creates a Lambda integration for it: API网关使用交叉堆栈引用导入服务A中定义的lambda并为其创建Lambda集成:
const queryTrackFunction = lambda.Function.import(this, 'TrackQueryServiceQueryTrackFunction', { functionArn: cdk.Fn.importValue('TrackQueryServiceStack:QueryTrackFunctionArn') }) const customerApi = new api.RestApi(this, 'CustomerAPI') const tracks = customerApi.root.addResource('tracks') tracks.addMethod('GET', new api.LambdaIntegration(queryTrackFunction))
When the API is invoked it fails, presumably because the apigateway service has not been given invoke permissions. 调用该API时,它会失败,可能是因为未向apigateway服务授予调用权限。
In the aws-cdk project for Service AI add the following: 在Service AI的aws-cdk项目中,添加以下内容:
queryTracksFunction.grantInvoke(new ServicePrincipal('apigateway.amazonaws.com'))
When I attempt to deploy the service I get this error: 当我尝试部署服务时,出现以下错误:
Error: Cannot use tokens in construct ID: Invoke{"Service":["${Token[TOKEN.139]}"]}
1 个解决方案
解决方案1
2 已采纳 2019-04-29 09:53:26
This is a bug. 这是一个错误。 As a workaround, in your Service A, you can do: 解决方法是,在服务A中,您可以执行以下操作:
queryTracksFunction.addPermission('APIGateway', {
principal: new iam.ServicePrincipal('apigateway.amazonaws.com')
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.