使用 AWS CDK 将现有角色附加到 AWS Lambda
[英]Attach an existing role to AWS Lambda with AWS CDK
问题描述
I want to attach and existing role to a lambda created using CDK I am doing the below
我想将现有角色附加到使用 CDK 创建的 lambda 我正在执行以下操作
const role1 = iam.Role.fromRoleArn(this, 'Role', 'ARN', {
mutable: true,
});
const lambda1 = new lambda.Function(this, 'lambda1', {
runtime: lambda.Runtime.PYTHON_3_7,
code: lambda.Code.asset('lambda/lambda1_function'),
handler: 'lambda_function.lambda_handler',
role:role1,
reservedConcurrentExecutions: 1
});
getting the below exception when I run cdk deploy运行 cdk deploy 时出现以下异常
The role defined for the function cannot be assumed by Lambda. (Service: AWSLambdaInternal; Status Code: 400; Error Code: InvalidParameterValueException; Request ID:
If someone could help to fix this PS: I am using typescript CDK@1.27.0如果有人可以帮助解决这个问题 PS:我正在使用 typescript CDK@1.27.0
2 个解决方案
解决方案1
2 2020-05-14 21:29:45
Based on the comments, the issue was incorrect trust policy in the role.根据评论,问题是角色中的信任策略不正确。
The issue was solved by adding lambda.amazonaws.com to the trust policy .该问题已通过将lambda.amazonaws.com添加到trust policy得到解决。
解决方案2
1 已采纳 2020-05-14 04:02:29
As per the role parameter documentation:根据role参数文档:
Lambda execution role.
This is the role that will be assumed by the function upon execution.
this can be achieved by granting permission to lambda service:这可以通过授予 lambda 服务权限来实现:
role1.grant(new iam.ServicePrincipal("lambda.amazonaws.com"))
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.