Attach an existing role to AWS Lambda with AWS CDK
I want to attach an existing role to a lambda created using CDK. I am doing the below:
    const role1 = iam.Role.fromRoleArn(this, 'Role', 'ARN', {
      mutable: true,
    });
    const lambda1 = new lambda.Function(this, 'lambda1', {
      runtime: lambda.Runtime.PYTHON_3_7,
      code: lambda.Code.asset('lambda/lambda1_function'),
      handler: 'lambda_function.lambda_handler',
      role: role1,
      reservedConcurrentExecutions: 1
    });
Getting the below exception when I run cdk deploy:
The role defined for the function cannot be assumed by Lambda. (Service: AWSLambdaInternal; Status Code: 400; Error Code: InvalidParameterValueException; Request ID:
If someone could help to fix this. PS: I am using TypeScript CDK@1.27.0
Based on the comments, the issue was an incorrect trust policy in the role.
The issue was solved by adding lambda.amazonaws.com to the trust policy.
As per the role parameter documentation:

Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.
This can be achieved by granting permission to the Lambda service:

    role1.grant(new iam.ServicePrincipal("lambda.amazonaws.com"))
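The requirement quoted above lives in the role's trust policy document, so it can be checked offline before the role ARN is handed to a function. The following is an added example, not code from the posts or from the CDK: `lambdaCanAssume` and `withLambdaTrust` are hypothetical helper names, the sample policy is constructed, and Condition blocks and Deny statements are not evaluated.

```typescript
// Added example: offline check of an IAM role trust policy for the Lambda service principal.
type OneOrMany<T> = T | T[];
interface Statement {
  Effect: "Allow" | "Deny";
  Principal?: "*" | { Service?: OneOrMany<string>; AWS?: OneOrMany<string> };
  Action: OneOrMany<string>;
}
interface TrustPolicy { Version: string; Statement: OneOrMany<Statement>; }

const LAMBDA = "lambda.amazonaws.com";

// IAM accepts a single value or an array for Statement, Service and Action.
function toArray<T>(v: OneOrMany<T> | undefined): T[] {
  if (v === undefined) return [];
  return Array.isArray(v) ? v : [v];
}

// True when an Allow statement names the Lambda service principal for sts:AssumeRole.
function allowsLambda(s: Statement): boolean {
  if (s.Effect !== "Allow" || typeof s.Principal !== "object") return false;
  const services = toArray(s.Principal.Service);
  const actions = toArray(s.Action).map((a) => a.toLowerCase()); // action names are case-insensitive
  return services.some((n) => n === LAMBDA) &&
    actions.some((a) => a === "sts:assumerole" || a === "sts:*" || a === "*");
}

function lambdaCanAssume(policy: TrustPolicy): boolean {
  return toArray(policy.Statement).some(allowsLambda);
}

// Returns the policy unchanged if Lambda is already trusted; otherwise a copy with
// one narrowly scoped statement appended (existing principals are left untouched).
function withLambdaTrust(policy: TrustPolicy): TrustPolicy {
  if (lambdaCanAssume(policy)) return policy;
  const added: Statement = { Effect: "Allow", Principal: { Service: LAMBDA }, Action: "sts:AssumeRole" };
  return { ...policy, Statement: [...toArray(policy.Statement), added] };
}

// Constructed sample: a role trusted only by EC2, which Lambda cannot assume.
const ec2Only: TrustPolicy = {
  Version: "2012-10-17",
  Statement: { Effect: "Allow", Principal: { Service: "ec2.amazonaws.com" }, Action: "sts:AssumeRole" },
};
console.log(lambdaCanAssume(ec2Only));
console.log(JSON.stringify(withLambdaTrust(ec2Only), null, 2));
```

The second output is the document to set as the role's trust policy; it adds only the Lambda service principal rather than widening trust to a wildcard.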