
AWS lambda set function access policy programmatically

I am trying to set user-specific lambda policies using this example. Can someone tell me why this resource specification to access only a single lambda is wrong?

resource = "arn:aws:region:*:*:function:orderinputapi-alpha-writeMe";

when I use:

resource="*"

it works perfectly (the user has full access to all lambdas), but when I try to restrict access to only allow a single lambda function I get "user is not authorized to access the resource" when I try to access it. I confirmed the function is the exact name of the lambda.

The full policy statement being created by my code is:

{ Action: 'execute-api:Invoke',
Effect: 'Allow',
Resource:'arn:aws:region:*:*:function:orderinputapi-alpha-writeMe' }

There is an error with your ARN: instead of arn:aws:region:*:*:function:orderinputapi-alpha-writeMe, it should be arn:aws:lambda:*:*:function:orderinputapi-alpha-writeMe.

Also, if you are setting the permissions for the same region and account, you can simply drop * so the ARN would be:

arn:aws:lambda:::function:orderinputapi-alpha-writeMe
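The mistake above sits in the third colon-separated field of the ARN (general layout arn:partition:service:region:account-id:resource), which is where the service name belongs. The following is an added example, not code from the original post: a small check that a policy generator could run on each statement before returning it. The names parseArn, lintStatement and expectedService are hypothetical and chosen for this illustration.

```javascript
// Added example (not from the original post): lint the Resource ARNs of a
// policy statement before it is handed back to the caller.
// General ARN layout: arn:partition:service:region:account-id:resource

function parseArn(arn) {
  const parts = String(arn).split(':');
  if (parts.length < 6 || parts[0] !== 'arn') {
    return null; // too few fields or missing the "arn" prefix
  }
  const [, partition, service, region, account] = parts;
  // The resource part may itself contain ':' (e.g. function:name), so rejoin it.
  return { partition, service, region, account, resource: parts.slice(5).join(':') };
}

// expectedService is an assumption of this example: the caller states which
// service the statement is meant to cover.
function lintStatement(statement, expectedService) {
  const findings = [];
  for (const res of [].concat(statement.Resource)) {
    if (res === '*') {
      findings.push({ resource: res, issue: 'wildcard matches every resource' });
      continue;
    }
    const arn = parseArn(res);
    if (arn === null) {
      findings.push({ resource: res, issue: 'not a well-formed ARN' });
    } else if (arn.service !== expectedService) {
      findings.push({
        resource: res,
        issue: `service field is "${arn.service}", expected "${expectedService}"`,
      });
    }
  }
  return findings;
}

// The statement from the question, and the same statement with the ARN from the answer.
const fromQuestion = {
  Action: 'execute-api:Invoke',
  Effect: 'Allow',
  Resource: 'arn:aws:region:*:*:function:orderinputapi-alpha-writeMe',
};
const fromAnswer = {
  ...fromQuestion,
  Resource: 'arn:aws:lambda:*:*:function:orderinputapi-alpha-writeMe',
};

console.log(lintStatement(fromQuestion, 'lambda')); // one finding: service field
console.log(lintStatement(fromAnswer, 'lambda'));   // no findings
```

Running the check in the code path that builds the statement surfaces a misplaced field at generation time instead of as a "not authorized" error at call time.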
