SAM 模板中的 AWS AppConfig 验证 Lambda 策略
[英]AWS AppConfig Validation Lambda Policy in SAM Template
问题描述
I'm trying to add a policy to a lambda to allow AppConfig to invoke it.
我正在尝试向 lambda 添加策略以允许 AppConfig 调用它。 I can do this through the terminal using this command:我可以使用以下命令通过终端执行此操作:
aws lambda add-permission --function-name ConfigValidator.Arn --action lambda:InvokeFunction --statement-id appconfig --principal appconfig.amazonaws.com --output json --region eu-west-1
But how can this be done automatically through the SAM template?但是如何通过 SAM 模板自动完成?
1 个解决方案
解决方案1
0 2021-11-26 19:42:47
Here is how I do this:这是我如何做到这一点:
- Create a managed policy with access to your AppConfig创建可访问您的 AppConfig 的托管策略
- Attach that managed policy to the role your lambda is configured to use将该托管策略附加到您的 lambda 配置为使用的角色
Here is the code using CDK (CDK is the latest and greatest tool to create AWS resources, I highly recommend using it!).这是使用 CDK 的代码(CDK 是创建 AWS 资源的最新最好的工具,我强烈推荐使用它!)。
If you don't want to use CDK you can manually setup the same managed policies by hand.如果您不想使用 CDK,您可以手动设置相同的托管策略。
Detailed example below:详细示例如下:
Create a managed policy with access to your AppConfig创建可访问您的 AppConfig 的托管策略
const resourceArn = `arn:aws:appconfig:${props.region}:${props.accountId}:application/${this.appConfigApplication.ref}*`
this.appConfigReaderManagedPolicy = new ManagedPolicy(this, `AppConfigReader-${id}`, {
managedPolicyName: `AppConfigReader-${id}`,
description: `Readonly access to ${id}`,
statements: [
new PolicyStatement({
resources: [resourceArn],
actions: [
'appconfig:GetConfiguration',
'appconfig:GetApplication',
]
})
]
})
Attach that managed policy to the role your lambda is configured to use将该托管策略附加到您的 lambda 配置为使用的角色
//assuming your lambda is already configured somewhere
this.lambdaFunction.role.addManagedPolicy(this.appConfigReaderManagedPolicy)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.