堆栈内存溢出
  简体   繁体   English

AWS 用户无权访问此资源

[英]AWS User is not authorized to access this resource

 原文  2021-02-16 11:28:14       amazon-web-services/ aws-lambda/ postman/ aws-api-gateway/ auth0

问题描述

I'm new to AWS API Gateway and Lambda and I am wondering if anyone could help?我是 AWS API 网关和 Lambda 的新手,我想知道是否有人可以提供帮助?

在此处输入图像描述

  • I generate an access token using Auth0 and it works on postman returning all of the correct JSON data for the first lambda function call我使用 Auth0 生成一个访问令牌,它在 postman 上工作,为第一个 lambda function 调用返回所有正确的 JSON 数据

  • When I call the second lambda function on postman it says that the user is not Authorised for this resource:当我在 postman 上调用第二个 lambda function 时,它说用户未获得此资源的授权:

"Message": "User is not authorized to access this resource" “消息”:“用户无权访问此资源”

and

403 Forbidden

This only lasts for exactly 5 mins and then I can call the second function on Postman but cannot call the first anymore with the same error.这只持续整整 5 分钟,然后我可以在 Postman 上调用第二个 function,但不能再调用第一个并出现相同的错误。

Any ideas as to how I can solve this关于如何解决这个问题的任何想法

Thanks!谢谢!

2 个解决方案

解决方案1
 2 已采纳  2021-04-13 18:57:05

was also running into this issue.也遇到了这个问题。 Turns out my authorizer had caching enabled which meant it would reuse the same policy previously generated.原来我的授权人启用了缓存,这意味着它将重用之前生成的相同策略。 The TTL of the cache defaults to 5 minutes.缓存的 TTL 默认为 5 分钟。

On the dashboard, you can access the authorizers and disable the caching to stop this from happening or change the policy being generated to allow for all resources.在仪表板上,您可以访问授权者并禁用缓存以阻止这种情况发生或更改正在生成的策略以允许所有资源。

Hope this helped!希望这有帮助!

解决方案2
 1  2022-05-10 09:18:19

Most probably caching related on the API, for anyone looking for a solution to this in AWS SAM / Cloudformation, include ReauthorizeEvery: 0 as below:最有可能与 API 相关的缓存,对于在 AWS SAM / Cloudformation 中寻找解决方案的任何人,包括 ReauthorizeEvery: 0 如下:

  myAPI:
    Type: AWS::Serverless::Api
    Properties:
      Description: Some API description
      Name: someAPIName
      EndpointConfiguration:
        Type: REGIONAL
      StageName: !Ref EnvType # dev or prod
      Auth:
        DefaultAuthorizer: AWS_IAM
        Authorizers:
          AuthFunction:
            FunctionPayloadType: REQUEST
            FunctionArn: !GetAtt AuthFunction.Arn # your auth lambda
            Identity:
              Headers: # amend as you require
                - username
                - password
              ReauthorizeEvery: 0

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AWS 用户无权通过显式拒绝访问此资源 - AWS User is not authorized to access this resource with an explicit deny certificatemanager:changeResourceRecordSets 用户无权访问此资源 - certificatemanager:changeResourceRecordSets user is not authorized to access this resource AWS:AccessDeniedException:用户:{user} 无权执行:quicksight:ListDashboards on resource - AWS: AccessDeniedException: User: {user} is not authorized to perform: quicksight:ListDashboards on resource AWS IAM / QuickSight-用户无权执行:quicksight:资源上的GetDashboardEmbedUrl - AWS IAM / QuickSight - user is not authorized to perform: quicksight:GetDashboardEmbedUrl on resource AWS SES:用户无权对资源执行 ses:SendEmail - AWS SES: User is not authorized to perform ses:SendEmail on resource AWS ECR 用户无权执行:ecr-public:GetAuthorizationToken 对资源:* - AWS ECR user is not authorized to perform: ecr-public:GetAuthorizationToken on resource: * 用户无权执行:iam:PassRole on resource error in create AWS codepipeline - User not authorized to perform: iam:PassRole on resource error in creating AWS codepipeline AWS AssumeRole - 用户无权对资源执行:sts:AssumeRole - AWS AssumeRole - User is not authorized to perform: sts:AssumeRole on resource AWS Boto3-用户无权在资源上执行sts :: AssumeRole吗? - AWS Boto3 - User is not authorized to perform sts::AssumeRole on resource? aws lambda - 用户无权执行:cognito-idp:ListUsers on resource - aws lambda - user is not authorized to perform: cognito-idp:ListUsers on resource
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM