AWS AppConfig Validation Lambda Policy in SAM Template
I'm trying to add a policy to a lambda to allow AppConfig to invoke it. I can do this through the terminal using this command:
aws lambda add-permission --function-name ConfigValidator.Arn --action lambda:InvokeFunction --statement-id appconfig --principal appconfig.amazonaws.com --output json --region eu-west-1
But how can this be done automatically through the SAM template?
Here is how I do this:
Here is the code using CDK (CDK is the latest and greatest tool to create AWS resources, I highly recommend using it!).
If you don't want to use CDK you can manually set up the same managed policies by hand.
Detailed example below:
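    // Added import, assuming CDK v2 (CDK v1 imports these from '@aws-cdk/aws-iam')
    import { ManagedPolicy, PolicyStatement } from 'aws-cdk-lib/aws-iam'

    // The rest goes inside the construct or stack constructor.
    // ARN prefix matching the AppConfig application and its sub-resources
    const resourceArn = `arn:aws:appconfig:${props.region}:${props.accountId}:application/${this.appConfigApplication.ref}*`

    // Managed policy granting read-only access to that application
    this.appConfigReaderManagedPolicy = new ManagedPolicy(this, `AppConfigReader-${id}`, {
      managedPolicyName: `AppConfigReader-${id}`,
      description: `Readonly access to ${id}`,
      statements: [
        new PolicyStatement({
          resources: [resourceArn],
          actions: [
            'appconfig:GetConfiguration',
            'appconfig:GetApplication',
          ]
        })
      ]
    })

    // assuming your lambda is already configured somewhere
    // Attach the policy to the Lambda function's execution role
    this.lambdaFunction.role.addManagedPolicy(this.appConfigReaderManagedPolicy)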
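The `aws lambda add-permission` call from the question, written as a SAM template resource. This is an added example, not part of the original posts. The function properties (handler, runtime, code path) and the AppConfig application and profile names are constructed placeholders.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  # Validator function; handler, runtime and code path are placeholders.
  ConfigValidator:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs18.x
      CodeUri: ./validator

  # Resource-based policy statement on the function: same effect as
  # `aws lambda add-permission ... --principal appconfig.amazonaws.com`.
  ConfigValidatorAppConfigPermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !GetAtt ConfigValidator.Arn
      Action: lambda:InvokeFunction
      Principal: appconfig.amazonaws.com

  # Constructed AppConfig resources showing where the validator is referenced.
  ExampleApplication:
    Type: AWS::AppConfig::Application
    Properties:
      Name: example-app

  ExampleProfile:
    Type: AWS::AppConfig::ConfigurationProfile
    # Create the permission first so AppConfig can invoke the validator
    # as soon as the profile exists.
    DependsOn: ConfigValidatorAppConfigPermission
    Properties:
      ApplicationId: !Ref ExampleApplication
      Name: example-profile
      LocationUri: hosted
      Validators:
        - Type: LAMBDA
          Content: !GetAtt ConfigValidator.Arn
```

`AWS::Lambda::Permission` has no statement ID property, so there is no counterpart to `--statement-id`; CloudFormation generates one.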