How to add a resource based policy to a Lambda function created using AWS SAM via AWS CDK?
I am using CDK to create AWS SAM functions using the following code:

#!/usr/bin/env python3
from aws_cdk import core
from aws_cdk.aws_sam import CfnFunction
from aws_cdk.aws_iam import PolicyStatement, ServicePrincipal, PolicyDocument, Policy
import random

# Role in the other account that should be allowed to invoke the function
# (defined here but not yet attached to anything below).
principal = ServicePrincipal("arn:aws:iam::111111111111:role/rolename")

app = core.App()
stack = core.Stack(app, "cdk-test")

# AWS::Serverless::Function (SAM) resource with a randomized logical ID.
fn = CfnFunction(
    stack,
    id=f"CfnFn{str(random.randrange(1000, 1000000))}",
    **{
        "handler": "handler",
        "runtime": "python3.8",
        "memory_size": 256,
        "timeout": 10,
        "code_uri": "code_uri"
    }
)

app.synth()

I would like to invoke the Lambda function from another account, and would like to do this by attaching a resource based policy. This is easily achievable using aws_cdk.aws_lambda.Function itself by calling the add_permission method. However, aws_cdk.aws_sam.CfnFunction does not have an add_permission method.

Is there another way to achieve this using SAM (with CDK)? Or should I just leave SAM behind and switch to creating Lambdas directly?

This can be achieved with the help of AWS::Lambda::Permission using aws_cdk.aws_lambda.CfnPermission.

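from aws_cdk import aws_lambda

# Emits an AWS::Lambda::Permission resource: the resource-based policy
# statement that lets the given principal invoke the function.
aws_lambda.CfnPermission(
    scope,  # the Stack (or other construct) that owns this resource
    "CrossAccountInvocationPermission",
    action="lambda:InvokeFunction",
    function_name="FunctionName",
    principal="arn:aws:iam::111111111111:role/rolename",
)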
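
As an added example (not part of the original answer and not CDK's own code), this stdlib-only check can be run over the synthesized CloudFormation template to confirm that the cross-account permission stays narrowly scoped. The allowlist, the function name audit_lambda_permissions and the sample template are assumptions made for illustration; the template is constructed, not taken from a real stack.

```python
import re

# Assumption: the only principal expected to invoke the function (ARN from the page).
ALLOWED_PRINCIPALS = {"arn:aws:iam::111111111111:role/rolename"}
FUNCTION_TYPES = {"AWS::Serverless::Function", "AWS::Lambda::Function"}
SERVICE_PRINCIPAL = re.compile(r"^[a-z0-9.-]+\.amazonaws\.com$")

def audit_lambda_permissions(template, allowed=ALLOWED_PRINCIPALS):
    """Return (logical_id, finding) pairs for risky AWS::Lambda::Permission resources."""
    resources = template.get("Resources", {})
    functions = {k for k, v in resources.items() if v.get("Type") in FUNCTION_TYPES}
    findings = []
    for lid, res in resources.items():
        if res.get("Type") != "AWS::Lambda::Permission":
            continue
        props = res.get("Properties", {})
        principal, target = props.get("Principal"), props.get("FunctionName")
        if not isinstance(principal, str):
            findings.append((lid, "principal is not a literal string; review manually"))
        elif principal == "*":
            findings.append((lid, "wildcard principal"))
        elif SERVICE_PRINCIPAL.match(principal):
            if not (props.get("SourceArn") or props.get("SourceAccount")):
                findings.append((lid, "service principal without SourceArn/SourceAccount"))
        elif principal not in allowed:
            findings.append((lid, f"principal not in allowlist: {principal}"))
        if "*" in str(props.get("Action", "")):
            findings.append((lid, "wildcard action"))
        # The target should be a Ref/Fn::GetAtt to a function defined in this template.
        ref = None
        if isinstance(target, dict):
            getatt = target.get("Fn::GetAtt") or [None]
            ref = target.get("Ref") or (getatt.split(".")[0] if isinstance(getatt, str) else getatt[0])
        if ref not in functions:
            findings.append((lid, "FunctionName does not reference a function in this template"))
    return findings

# Constructed sample shaped like `cdk synth` output; not taken from a real stack.
SAMPLE_TEMPLATE = {"Resources": {
    "CfnFn1234": {"Type": "AWS::Serverless::Function", "Properties": {"Handler": "handler"}},
    "CrossAccountInvocationPermission": {"Type": "AWS::Lambda::Permission", "Properties": {
        "Action": "lambda:InvokeFunction", "FunctionName": {"Ref": "CfnFn1234"},
        "Principal": "arn:aws:iam::111111111111:role/rolename"}},
    "TooBroadPermission": {"Type": "AWS::Lambda::Permission", "Properties": {
        "Action": "lambda:*", "FunctionName": "FunctionName", "Principal": "*"}},
}}

if __name__ == "__main__":
    for lid, finding in audit_lambda_permissions(SAMPLE_TEMPLATE):
        print(f"{lid}: {finding}")
```

Passing a Ref to the SAM function (fn.ref in CDK) as function_name, rather than a literal name, is what lets the last check tie the permission to a function defined in the same stack.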