Aws Lambda 无权执行:SNS:在资源上发布:+358
[英]Aws Lambda is not authorized to perform: SNS:Publish on resource: +358
问题描述
我已经制作了 Cognito PostConfirmation lambda function。当用户成功注册时,我想向他们发送短信。 为此,我正在使用AWS-SNS 。 我已经创建了一个 Sns 主题并附加到我的 PostConfirmation lambda function。我允许 lambda 用于 Sns 发布。 在 cloudwatch 中它说,lambda 没有授权执行此 Sns 发布。
我在 cloudwatch 中收到此错误:
PostConfirmation 无权执行:SNS:Publish on resource: +358.... 因为没有基于身份的策略允许 SNS:Publish 操作
我不确定我错过了什么。
这是我的 YAML 文件:
plugins:
- serverless-webpack
- serverless-offline
- serverless-plugin-warmup
- serverless-iam-roles-per-function
## post Confirmation
PostConfirmation:
handler: src/handlers/postConfirmation.postConfirmation
events:
- cognitoUserPool:
pool: ${self:provider.environment.COGNITO}
trigger: PostConfirmation
existing: true
iamRoleStatements:
- Effect: Allow
Action:
- cognito-idp:*
Resource: arn:aws:cognito-idp:*:*:*
- Effect: Allow
Action:
- dynamodb:PutItem
- lambda:InvokeFunction # Added this like mentioned above
Resource: 'arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${self:provider.environment.ITEM_TABLE}'
- Effect: Allow
Action:
- sns:Publish ## This is where I am giving my permisson
- sns:SetSMSAttributes
Resource: !Ref SendMessageSns ## Sns Topic
resources:
Resources:
SendMessageSns:
Type: AWS::SNS::Topic
Properties:
DisplayName: It will send sms when user successfully signUp
TopicName: ${self:service}-${opt:stage, self:provider.stage}-successful
这就是我尝试发布消息的方式
import { SNS } from '@aws-sdk/client-sns';
const snsClient = new SNS({ region: 'eu-north-1' });
exports.postConfirmation = async (event: any, context: any) => {
const messageParams = {
Message:
'congrats it works',
PhoneNumber: '+358.......',
};
try {
console.log('1');
const snsSucess = await snsClient.publish(messageParams);
console.log('Success.', snsSucess);
console.log('2');
context.done(null, event);
} catch (error) {
console.log('error', { error });
return {
statusCode: 500,
body: JSON.stringify(error),
};
}
};
1 个解决方案
解决方案1
1 2022-04-13 07:31:59
您允许发布到 SNS 主题,但正在尝试将 SMS 直接发送到电话号码。 发布到 SNS 主题时,您需要向该主题发布消息并订阅该主题的电话号码,请参阅https://docs.aws.amazon.com/sns/latest/dg/sms_publish-to-topic.html
或者,您可以直接发布到电话号码,但您需要修改 IAM 策略,并且还可能移出 SMS 沙箱 - https://docs.aws.amazon.com/sns/latest/dg/sms_publish-to-电话.html
AWS IAM Lambda“无权执行:lambda:GetFunction”
[英]AWS IAM Lambda "is not authorized to perform: lambda:GetFunction"
AWS StsClient:用户无权执行:sts:资源上的AssumeRole
[英]AWS StsClient: User not authorized to perform: sts:AssumeRole on resource
AWS,GitHub 操作:用户无权执行:sts:AssumeRole on resource (CodePipeline)
[英]AWS, GitHub Action: User is not authorized to perform: sts:AssumeRole on resource(CodePipeline)
AWS 节点 SDK 异步 SNS.publish.promise() 不会立即发送 SNS 消息(来自 Lambda)
[英]AWS Node SDK async SNS.publish.promise() does not send SNS message immediately (from Lambda)
Lambda 无权执行:cognito-idp:AdminInitiateAuth
[英]Lambda is not authorized to perform: cognito-idp:AdminInitiateAuth
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
AWS Lambda function:未授权执行
AWS IAM Lambda“无权执行:lambda:GetFunction”
无权执行:lambda:GetFunction
AWS StsClient:用户无权执行:sts:资源上的AssumeRole
AWS,GitHub 操作:用户无权执行:sts:AssumeRole on resource (CodePipeline)
AWS 节点 SDK 异步 SNS.publish.promise() 不会立即发送 SNS 消息(来自 Lambda)
无权执行:资源上的 sts:TagSession:***
通过 Lambda 在 SNS 队列上发布主题
Lambda 有时无法发布到 SNS 主题
Lambda 无权执行:cognito-idp:AdminInitiateAuth
相关标签