[英]AWS Lambda Functions: it doesn't show list of existing roles
I have created a Role in IAM
with AmazonEC2FullAccess
based policy.我使用基于
AmazonEC2FullAccess
的策略在IAM
中创建了一个角色。 This role is properly created in IAM
.此角色已在
IAM
中正确创建。 But the same role is not appearing to attach for lambda
function.但是对于
lambda
function 似乎没有附加相同的角色。
Can someone please help.有人可以帮忙吗? I have the admin access and with this I'm getting below error.
我有管理员访问权限,因此我遇到了以下错误。
(AccessDenied) when calling the PutMetricAlarm operation: User: arn:aws:sts::xxx:assumed-role/lambdaEC2fullaccess/StopEc2 is not authorized to perform: iam:CreateServiceLinkedRole on resource: arn:aws:iam::xxx:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents"
From your screenshot, it appears that the AmazonEC2FullAccess
role is for EC2 instance , not lambda. You can verify this by going into the IAM console, clicking on the AmazonEC2FullAccess
and checking its trust relationship .从您的屏幕截图来看,
AmazonEC2FullAccess
角色似乎是针对 EC2 实例,而不是 lambda。您可以通过进入 IAM 控制台,单击AmazonEC2FullAccess
并检查其信任关系来验证这一点。
If the trust policy is for instance, it will look like:例如,如果信任策略是这样的,它将如下所示:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
However, IAM trust policy for lambda should look like:但是, lambda 的 IAM 信任策略应如下所示:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
You can edit the trust policy, and refresh your lambda console window. Or you can create new role for lambda from the beginning.您可以编辑信任策略,并刷新您的 lambda 控制台 window。或者您可以从头开始为 lambda 创建新角色。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.