
Is there a way to create aws lambda execution role with cloudformation?

I'm trying to create a lambda function with cloudformation but it requires a lambda execution role - is there a way I can generate one using cloudformation?

Yes, CloudFormation can be used to create an IAM role. The lambda execution role is an IAM role like any other IAM role. The documentation for doing so shows this example:

MyRole:
  Type: AWS::IAM::Role
  Properties: 
    AssumeRolePolicyDocument: Json
    Description: String
    ManagedPolicyArns: 
      - String
    MaxSessionDuration: Integer
    Path: String
    PermissionsBoundary: String
    Policies: 
      - Policy
    RoleName: String
    Tags: 
      - Tag

Then in the lambda, you reference it using a ref to the name of the role resource. Ex:

  MyLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      # Role must be the role's ARN: Ref on an AWS::IAM::Role returns only the role name,
      # so use GetAtt to obtain the Arn attribute.
      Role: !GetAtt MyRole.Arn

You can create an IAM role with a role policy where it will take region and account id from predefined AWS CloudFormation variables and assign it to lambda elements in cloud formation. Please refer to the following example.

"Resources": {
    "AheadLambdaRole": {
        "Type": "AWS::IAM::Role",
        "Properties": {
            "RoleName": {
                "Fn::Sub": "AHEADLambdaRole-${EnvName}"
            },
            "AssumeRolePolicyDocument": {
                "Statement": [
                    {
                        "Action": [
                            "sts:AssumeRole"
                        ],
                        "Effect": "Allow",
                        "Principal": {
                            "Service": [
                                "lambda.amazonaws.com"
                            ]
                        }
                    }
                ],
                "Version": "2012-10-17"
            },
            "Policies": [
                {
                    "PolicyDocument": {
                        "Version": "2012-10-17",
                        "Statement": [
                            {
                                "Effect": "Allow",
                                "Action": "logs:CreateLogGroup",
                                "Resource": {
                                    "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:*"
                                }
                            },
                            {
                                "Effect": "Allow",
                                "Action": [
                                    "logs:CreateLogStream",
                                    "logs:PutLogEvents"
                                ],
                                "Resource": [
                                    { "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/LambdaName:*" }
                                ]
                            }
                        ]
                    },
                    "PolicyName": "NameOfInlinepolicy"
                }
            ],
            "ManagedPolicyArns": [
                "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess",
                "arn:aws:iam::aws:policy/AmazonSSMFullAccess"
            ],
            "Path": "/"
        }
    }
}
