Is there a way to create aws lambda execution role with cloudformation?
How to attach an EXISTING Role in my aws account to aws component/Lambda Function using CLOUDFORMATION
Hi AWS CloudFormation folks!
I need to attach an existing role to the Lambda function I am creating.
```yaml
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31
Parameters:
  LambdaRoleName:
    Default: ExistingRoleCreatedInAwsAccount
    Type: String
Resources:
  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: python3.9
      Timeout: 5
      Handler: lambda_function.handler
      Role: !Ref ExistingRoleCreatedInAwsAccount
      Code:
        S3Bucket: 'lambda-bucket-abi'
        S3Key: 'lambdaupload.zip'
  ScheduledRule:
    Type: AWS::Events::Rule
    Properties:
      Description: "ScheduledRule"
      ScheduleExpression: "rate(5 minutes)"
      State: "ENABLED"
      Targets:
        - Arn:
            Fn::GetAtt:
              - "LambdaFunction"
              - "Arn"
          Id: "TargetFunctionV1"
  PermissionForEventsToInvokeLambda:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !Ref "LambdaFunction"
      Action: "lambda:InvokeFunction"
      Principal: "events.amazonaws.com"
      SourceArn:
        Fn::GetAtt:
          - "ScheduledRule"
          - "Arn"
```
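Thanks in advance!

You seem to be on the right track; what went wrong?

Your parameter is called "LambdaRoleName". Note that what you pass should be the role ARN.
So when you deploy the stack, pass the role ARN to the parameter:

```bash
aws cloudformation deploy --template-file your-template.yaml --stack-name your-stack-name --parameter-overrides LambdaRoleName=arn:aws:iam::123456789012:role/your-role --region eu-west-1
```

Or change the default value to the role ARN: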
```yaml
Parameters:
  LambdaRoleName:
    Default: arn:aws:iam::123456789012:role/your-role
    Type: String
```

It should be:

```yaml
Role: !Ref LambdaRoleName
```

instead of

```yaml
Role: !Ref ExistingRoleCreatedInAwsAccount
```
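
One way to make the mistake discussed above fail fast, as an added example that is not part of the original question or answer: constrain the parameter so that only a full role ARN is accepted. The parameter name `LambdaRoleArn` is an assumption; the runtime, handler, bucket and key are copied from the question.

```yaml
# Added example, not the asker's or answerer's template.
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  LambdaRoleArn:                 # hypothetical name, chosen so it says "ARN"
    Type: String
    Description: ARN of an existing IAM role for the function to run as
    # A bare role name such as "ExistingRoleCreatedInAwsAccount" fails this
    # pattern during parameter validation, before any resource is created.
    AllowedPattern: '^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$'
    ConstraintDescription: 'Must be a full IAM role ARN, e.g. arn:aws:iam::123456789012:role/your-role'
Resources:
  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: python3.9
      Timeout: 5
      Handler: lambda_function.handler
      # Ref on a parameter returns the value passed in, so the ARN goes
      # straight into the Role property.
      Role: !Ref LambdaRoleArn
      Code:
        S3Bucket: 'lambda-bucket-abi'
        S3Key: 'lambdaupload.zip'
```

The pattern only checks the shape of the value; the existing role's trust policy must still allow `lambda.amazonaws.com` to assume it.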