stackoom
  简体   繁体   中英

Is it possible to invoke a lambda in code pipeline from a different account using CDK?

 原文  2021-02-25 15:50:30       typescript/ amazon-web-services/ aws-lambda/ aws-cdk/ aws-codepipeline

Question

I am creating a pipeline through CloudFormation using CDK(TS), as part of this pipeline there is a step where I need to create a LambdaInvokeAction to call a lambda function with certain parameters. However this lambda function is from a different account, and when the template is generated, it is configuring codepipeline to find the lambda on the account is running.

This is the bit that tries to get the lambda:

const lambdaFunction = Function.fromFunctionAttributes(this, 'LambdaToUse', {
  functionArn: 'arn:aws:lambda:{region}:{external-account}:function:lambda-to-use',
  sameEnvironment: false,
  role: Role.fromArn(role-from-another-account),
});

This is the code that creates the invoke action:

    new LambdaInvokeAction({
      actionName: 'MyActionName',
      lambda: lambdaFunction,
      role: codePipelineExecutionRole,
      inputs: [buildOutput],
      userParameters: {
        // Parameters for the lambda function
      }
    });

I don't know if this is possible using CDK.

2 answers

solution1
 0  2021-02-27 20:58:32

{
    stageName: 'InvokeLamabda',
    actions: [
    new codepipeline_actions.LambdaInvokeAction({
        actionName: 'InvokeAction',
        inputs: [buildOutput],
        userParameters: {
        // Parameters for the lambda function
        }
        role: iam.Role.fromRoleArn(this,'role',
        'arn:aws:iam::1234567890:role/crossaccountcodepipeline',
        {mutable:false
        }),
        lambda: lambda.Function.fromFunctionAttributes(this, 'LambdaToInvoke', {
        functionArn: 'arn:aws:lambda:us-east-1:1234567890:function:myfunction',
        sameEnvironment: false
        }),
    }),
    ],
},

Make sure you have given the necessary permissions to the role to invoke the lambda

Create a pipeline in CodePipeline that uses resources from another AWS account

solution2
 0  2021-03-01 07:42:10

The problem seems to be that I was trying to use LambdaInvokeAction from CDK, it seems it tries to find the lambda within the same account (I don't know if it can be configured not to do this). Creating a class from Action instead sorted my issue.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Is there a way to bundle typescript lambda that is using external modules and pass to cdk lambda.Code.fromAsset Subscribe a sqs queue to a sns topic that is in a different account, using aws cdk(typescript) Using CDK to build IAM Role for lambda function How to pass values from CDK into a lambda AWS CDK Code Pipeline Development - error TS1005: ']' expected VPC peering (2 VPCS are in 2 different account) via AWS CDK Typescript Is it possible to run cdk commands from an IAM role? Deploying Lambda function (not as part of an Application) using AWS CDK How to fix Lambda Warmup (Cold Start fix) Using CDK and Typescript AWS CDK Typescript, how to trigger step function from lambda?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM