
Where in the IAM can I see the policy configured using aws lambda add-permission?

This AWS CLI command:

aws lambda add-permission --function-name my_test_Lambda_fn --statement-id test_id --principal iotanalytics.amazonaws.com --action lambda:InvokeFunction

Gives the following output:

{
    "Statement": "{\"Sid\":\"test_id \",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"iotanalytics.amazonaws.com\"}...
}

I wanted to see the above in the IAM console, so I tried looking at the roles used by IoTAnalytics and Lambda, and in their respective policies, but the above output is not part of any policy. Where in the IAM can I see the policy configured by the above AWS CLI command? I think that it is configured at the principal level, but where do I see it in the IAM console?

This isn't actually an IAM policy (although it might resemble one). In fact it is a type of resource policy (in this case named Function policy).

Certain services such as S3, SNS, SQS and in this case Lambda have the ability to have a policy attached which dictates how other entities can interact with them, such as other AWS accounts or services that do not support an attached IAM role.

From within the console on the Lambda function itself access the Permissions tab, then at the bottom of the page is a sub-item named Resource-based policy. This will contain the policy that you have added.
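The same function policy can be read from the CLI with `aws lambda get-policy --function-name my_test_Lambda_fn`, which returns the policy as a JSON string nested inside JSON, like the `Statement` field in the question. The following is an added example, not part of the original answers: it decodes that output and, going one step beyond the answer, marks service-principal grants that carry no `aws:SourceArn` or `aws:SourceAccount` condition. The sample output, account ID, ARNs, the second statement and the function name `review_function_policy` are constructed for illustration.

```python
import json

# Constructed sample of `aws lambda get-policy` output; the account ID, ARNs
# and RevisionId are placeholders, not values from the page.
FN_ARN = "arn:aws:lambda:us-east-1:111122223333:function:my_test_Lambda_fn"
SAMPLE_GET_POLICY = json.dumps({
    "Policy": json.dumps({"Version": "2012-10-17", "Id": "default", "Statement": [
        {"Sid": "test_id", "Effect": "Allow",  # grant made by the question's command
         "Principal": {"Service": "iotanalytics.amazonaws.com"},
         "Action": "lambda:InvokeFunction", "Resource": FN_ARN},
        {"Sid": "scoped_id", "Effect": "Allow",  # constructed: grant made with --source-arn
         "Principal": {"Service": "s3.amazonaws.com"},
         "Action": "lambda:InvokeFunction", "Resource": FN_ARN,
         "Condition": {"ArnLike": {"AWS:SourceArn": "arn:aws:s3:::example-bucket"}}},
    ]}),
    "RevisionId": "00000000-0000-0000-0000-000000000000",
})

# Condition keys that tie a service principal to one source resource or account.
SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount"}


def review_function_policy(get_policy_output: str) -> list:
    """Decode get-policy output and summarize each statement (hypothetical helper)."""
    outer = json.loads(get_policy_output)
    policy = json.loads(outer["Policy"])  # "Policy" is itself a JSON-encoded string
    statements = policy["Statement"]
    if isinstance(statements, dict):      # a lone statement may not be wrapped in a list
        statements = [statements]
    rows = []
    for st in statements:
        principal = st.get("Principal")
        # Condition key names are case-insensitive, so compare in lower case.
        cond_keys = {k.lower() for op in st.get("Condition", {}).values() for k in op}
        is_service = isinstance(principal, dict) and "Service" in principal
        rows.append({
            "sid": st.get("Sid"),
            "principal": principal,
            "action": st.get("Action"),
            "unscoped_service": bool(is_service and st.get("Effect") == "Allow"
                                     and not (cond_keys & SCOPING_KEYS)),
        })
    return rows


if __name__ == "__main__":
    for row in review_function_policy(SAMPLE_GET_POLICY):
        print(row)
```

To run it against a real function, pass the text printed by `aws lambda get-policy` in place of `SAMPLE_GET_POLICY`.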

You have to go to the Lambda console and select your function; then you can click Permissions to see the permissions attached to your Lambda.

These are resource-based permissions for the Lambda function. You can view them in AWS console -> Permissions -> Resource-based policy.

