新的 AWS Lambda URLs - 有人得到了 AWS_IAM 工作的“安全”版本吗?
[英]New AWS Lambda URLs - has anyone got the 'secure' version with the AWS_IAM working?
问题描述
I have a simple function that returns an item of text.
我有一个简单的 function 返回一个文本项。
When I set auth to NONE it works fine.当我将 auth 设置为 NONE 时,它工作正常。
When I set auth to AWS_IAM and create the resource based policy within the permissions section of AWS Lambda I set the following:当我将 auth 设置为 AWS_IAM 并在 AWS Lambda 的权限部分创建基于资源的策略时,我设置了以下内容:
"Version": "2012-10-17",
"Id": "default",
"Statement": [
{
"Sid": "sid8",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::xxxxxxxxxx:user/xxxxxxxxxx"
},
"Action": "lambda:InvokeFunctionUrl",
"Resource": "arn:aws:lambda:eu-west-1:xxxxxxxxx:function:simpleFunction",
"Condition": {
"StringEquals": {
"lambda:FunctionUrlAuthType": "AWS_IAM"
}
}
}
]
}
On this I get a forbidden error.在此我得到一个禁止的错误。
Every demo / example on the inte.net uses NONE for auth. inte.net 上的每个演示/示例都使用 NONE 进行身份验证。
I have also tried adding the lambda:InvokeFunctionUrl to the IAM policy of the user for the specified resource but still getting a forbidden error.我还尝试将lambda:InvokeFunctionUrl添加到指定资源的用户 IAM 策略中,但仍然出现禁止错误。
Am I missing something or does this aspect of the new function not work?我是不是遗漏了什么或者新 function 的这方面不起作用?
1 个解决方案
解决方案1
3 已采纳 2022-04-12 23:20:50
The problem is that when you are using IAM_AUTH you're required to sign your requests with SigV4 .问题是,当您使用IAM_AUTH时,您需要使用SigV4签署您的请求。 Essentially, this is identical to using API Gateway with IAM_AUTH type.本质上,这与使用 IAM_AUTH 类型的 API 网关相同。
There are multiple ways of signing requests you can even use botocore functionality to do so.有多种签署请求的方法,您甚至可以使用botocore功能来这样做。 The easiest would be to use awscurl or postman , also check this doco that confirms this requirement https://docs.aws.amazon.com/lambda/latest/dg/urls-invocation.html最简单的方法是使用awscurl或postman ,同时检查确认此要求的 doco https://docs.aws.amazon.com/lambda/latest/dg/urls-invocation.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.