[英]How can I give a lambda function access to all SQS queues?
I have a lambda function that will be constantly running, and some SQS queues that will be dynamically created.我有一个 lambda function 将不断运行,以及一些将动态创建的 SQS 队列。 I need a way to allow the lambda to access all of the SQS queues so that these dynamically created queues can be used - how can I do this?
我需要一种方法来允许 lambda 访问所有 SQS 队列,以便可以使用这些动态创建的队列 - 我该怎么做?
Currently I am using an Execution role that has an iam policy with a single queue ARN, but it seems I can't create multiple execution roles.目前我正在使用一个执行角色,该角色具有一个带有单个队列 ARN 的 iam 策略,但似乎我无法创建多个执行角色。
EDIT编辑
As mentioned in the comment below it may not be entirely safe to open up SQS queues to everything, so I will keep my initial solution below for interest but in general a better solution would be:正如下面的评论中所提到的,向所有内容开放 SQS 队列可能并不完全安全,因此我将保留我的初始解决方案以供感兴趣,但通常更好的解决方案是:
Create the lambda function with an iAM role attached that has access to all SQS queues.创建 lambda function 并附加一个可以访问所有 SQS 队列的 iAM 角色。 The policy for this would look something like
这个政策看起来像
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sqs:GetQueueUrl",
"sqs:ChangeMessageVisibility",
"sqs:ListDeadLetterSourceQueues",
"sqs:SendMessageBatch",
"sqs:PurgeQueue",
"sqs:ReceiveMessage",
"sqs:SendMessage",
"sqs:GetQueueAttributes",
"sqs:CreateQueue",
"sqs:ListQueueTags",
"sqs:ChangeMessageVisibilityBatch",
"sqs:SetQueueAttributes"
],
"Resource": "*"
},
]
}
I initially managed to get around the problem by creating my SQS queues with permissions attached.我最初设法通过创建附加权限的 SQS 队列来解决这个问题。 When creating SQS queues you can assign a policy to them where you can specify permissions and users, for example the following policy allows all permissions to all users:
创建 SQS 队列时,您可以为它们分配一个策略,您可以在其中指定权限和用户,例如以下策略允许所有用户的所有权限:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "SQS:*",
"Resource": "{{ queue_arn }}"
}
]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.