堆栈内存溢出
  简体   繁体   English

如何让 lambda function 访问所有 SQS 队列?

[英]How can I give a lambda function access to all SQS queues?

 原文  2019-11-18 15:48:41       amazon-web-services/ aws-lambda/ amazon-sqs

问题描述

I have a lambda function that will be constantly running, and some SQS queues that will be dynamically created.我有一个 lambda function 将不断运行,以及一些将动态创建的 SQS 队列。 I need a way to allow the lambda to access all of the SQS queues so that these dynamically created queues can be used - how can I do this?我需要一种方法来允许 lambda 访问所有 SQS 队列,以便可以使用这些动态创建的队列 - 我该怎么做?

Currently I am using an Execution role that has an iam policy with a single queue ARN, but it seems I can't create multiple execution roles.目前我正在使用一个执行角色,该角色具有一个带有单个队列 ARN 的 iam 策略,但似乎我无法创建多个执行角色。

1 个解决方案

解决方案1
 0  2019-11-18 17:40:54

EDIT编辑

As mentioned in the comment below it may not be entirely safe to open up SQS queues to everything, so I will keep my initial solution below for interest but in general a better solution would be:正如下面的评论中所提到的,向所有内容开放 SQS 队列可能并不完全安全,因此我将保留我的初始解决方案以供感兴趣,但通常更好的解决方案是:

Create the lambda function with an iAM role attached that has access to all SQS queues.创建 lambda function 并附加一个可以访问所有 SQS 队列的 iAM 角色。 The policy for this would look something like这个政策看起来像

{
  "Version": "2012-10-17",
  "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "sqs:GetQueueUrl",
          "sqs:ChangeMessageVisibility",
          "sqs:ListDeadLetterSourceQueues",
          "sqs:SendMessageBatch",
          "sqs:PurgeQueue",
          "sqs:ReceiveMessage",
          "sqs:SendMessage",
          "sqs:GetQueueAttributes",
          "sqs:CreateQueue",
          "sqs:ListQueueTags",
          "sqs:ChangeMessageVisibilityBatch",
          "sqs:SetQueueAttributes"
        ],
        "Resource": "*"
      },
   ]
}

I initially managed to get around the problem by creating my SQS queues with permissions attached.我最初设法通过创建附加权限的 SQS 队列来解决这个问题。 When creating SQS queues you can assign a policy to them where you can specify permissions and users, for example the following policy allows all permissions to all users:创建 SQS 队列时,您可以为它们分配一个策略,您可以在其中指定权限和用户,例如以下策略允许所有用户的所有权限:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "SQS:*",
      "Resource": "{{ queue_arn }}"
    }
  ]
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何枚举AWS账户中的所有SQS队列 - How to enumerate all SQS queues in an AWS account 我有一个 lambda 的角色可以完全访问 SQS,但我仍然无法向 SQS 发送消息 - I have a lambda with a role that has full access to SQS but I still can't send messages to SQS 如何为Lambda函数添加SQS IAM? - How do I add SQS IAM for my Lambda function? 如何在我的 lambda 上设置 sqs 的重试次数? - How can I set the retry count on sqs on my lambda? 为什么我在CloudWatch中看不到所有SQS队列的指标 - Why I don't see metrics for all SQS queues in CloudWatch AWS:我可以让一个 VPC 内的 Lambda function 访问公共 Websockets API 网关吗? - AWS: Can I give a Lambda function inside a VPC access to a public Websockets API Gateway? 如何将目标跟踪策略与 SQS 队列一起使用? - How can you use target tracking policies with SQS queues? 我可以将来自 Lambda 函数的 onFailure 目标的 SQS 队列中的消息重新驱动回该函数吗? - Can I redrive messages from an SQS queue that is an onFailure target from a Lambda function back to that that function? 如何在 state 机器中授予 Lambda function 访问权限来描述 Z9ED39E2EA9312EF5736A985A6EZ 机器? - How to give a Lambda function in a state machine access to describe the state machine? 消耗SQS队列的lambda函数如何将消息发送到死信队列? - How can a lambda function that consumes a SQS queue send the message to a Dead Letter Queue?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM