
Run AWS Lambda function to collate certs cross account

I am using this lambda function to notify expiring ACM certs. It is working fine for the account in which I am executing it, let's suppose Account A.

I want this function to work cross account and

  • Loop over all my AWS accounts, detect expiring certs
  • Do an SNS publish for certs of other accounts.

Can someone guide me: How do I make this lambda function in account "A" look for certs in all my AWS accounts and do an SNS publish?

You would need to create a role in each of the other accounts which has the permissions to view ACM and grants access to the account the Lambda is being run in.

Then update the Lambda role to allow it to assume the roles from other accounts.

You would need to have a list of accounts to know which one to assume the role of.
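The steps in the answer above as a Lambda handler in Python with boto3, added here as an example (not code from the question or the answer). The role name `AcmReadOnlyForLambda`, the account IDs and the `TOPIC_ARN` environment variable are assumptions; the role in each account is assumed to trust the Lambda's role and to allow only `acm:ListCertificates` and `acm:DescribeCertificate`.

```python
import datetime as dt
import os

ROLE_NAME = "AcmReadOnlyForLambda"              # hypothetical role in each other account
ACCOUNT_IDS = ["111111111111", "222222222222"]  # constructed placeholder account IDs

def member_acm(sts, account_id):
    """Assume the read-only role in another account and return an ACM client for it."""
    import boto3  # imported lazily so expiring_certs() can be exercised offline
    creds = sts.assume_role(
        RoleArn=f"arn:aws:iam::{account_id}:role/{ROLE_NAME}",
        RoleSessionName="acm-expiry-check",
    )["Credentials"]
    return boto3.client(
        "acm",
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )

def expiring_certs(acm, now, days=30):
    """Return (arn, domain, not_after) for issued certs that expire within `days`."""
    cutoff = now + dt.timedelta(days=days)
    found = []
    pages = acm.get_paginator("list_certificates").paginate(CertificateStatuses=["ISSUED"])
    for page in pages:
        for summary in page["CertificateSummaryList"]:
            cert = acm.describe_certificate(CertificateArn=summary["CertificateArn"])["Certificate"]
            not_after = cert.get("NotAfter")  # timezone-aware datetime from boto3
            if not_after and not_after <= cutoff:
                found.append((cert["CertificateArn"], cert["DomainName"], not_after))
    return found

def lambda_handler(event, context):
    import boto3
    sts, sns = boto3.client("sts"), boto3.client("sns")
    now = dt.datetime.now(dt.timezone.utc)
    sent = 0
    for account_id in ACCOUNT_IDS:
        # ACM is regional: this checks only the Lambda's own region in each account.
        for arn, domain, not_after in expiring_certs(member_acm(sts, account_id), now):
            sns.publish(
                TopicArn=os.environ["TOPIC_ARN"],  # assumed env var naming the topic in account A
                Subject=f"ACM cert expiring in {account_id}",
                Message=f"{domain} ({arn}) expires {not_after:%Y-%m-%d}",
            )
            sent += 1
    return {"notifications": sent}
```

The Lambda's own role needs `sts:AssumeRole` on each of those role ARNs and `sns:Publish` on the topic, and nothing broader.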
