How to add IAM permission to cloudfront in order to associate lambda@edge?
I am trying to update my CloudFront distribution using CDK. While updating, it shows this error message.
Lambda@Edge cannot retrieve the specified Lambda function. Update the IAM policy to add permission: lambda:GetFunction for resource: arn:aws:lambda:us-east-1:xxxxxxxx:function:edge-lambda-stack-xxxxxxx-xxxxxxxx-xxxxxxx:1
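After checking, I found this AWS documentation link: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-permissions.html
But I can't understand where to add these permissions. Can someone guide me on where to add the lambda:GetFunction permission?
CDK code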
    const uriRedirector = new cloudfront.experimental.EdgeFunction(
      this,
      'UriRedirector',
      {
        code: lambda.Code.fromAsset('dist/events/object-cache/uri-redirector'),
        runtime: lambda.Runtime.NODEJS_14_X,
        handler: 'index.handle',
      }
    )
    this.distribution = new cloudfront.Distribution(this, 'Distribution2', {
      defaultBehavior: {
        origin: s3Origin,
        edgeLambdas: [
          {
            functionVersion: uriRedirector.currentVersion,
            eventType: cloudfront.LambdaEdgeEventType.ORIGIN_REQUEST,
          },
        ],
        originRequestPolicy: defaultBehaviourOriginRequestPolicy,
        viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.HTTPS_ONLY,
        allowedMethods: cloudfront.AllowedMethods.ALLOW_ALL,
      },
      ....
    const cfnDistribution = this.distribution.node
      .defaultChild as cloudfront.CfnDistribution
    cfnDistribution.overrideLogicalId(props.oldDistributionLogicalId)
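You will create an IAM policy in IAM and attach the policy to a user or role.
By default AWS Lambda automatically creates a role; you can attach the policy to that role.
Policy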
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Lambda",
          "Effect": "Allow",
          "Action": [
            "lambda:AddPermission",
            "lambda:CreateFunction",
            "lambda:DeleteFunction",
            "lambda:GetFunction",
            "lambda:GetFunctionConfiguration",
            "lambda:ListTags",
            "lambda:RemovePermission",
            "lambda:TagResource",
            "lambda:UntagResource",
            "lambda:UpdateFunctionCode",
            "lambda:UpdateFunctionConfiguration",
            "lambda:GetLayerVersion"
          ],
          "Resource": [
            "arn:aws:lambda:us-east-1:xxxxxxxx:function:edge-lambda-stack-xxxxxxx-xxxxxxxx-xxxxxxx:*"
          ]
        }
      ]
    }
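As an added illustration (not part of the original question or answer), the TypeScript sketch below checks offline whether a policy document grants lambda:GetFunction on a versioned function ARN like the one the error message names. The account ID, function name and sample policies are constructed, and Condition, NotAction and NotResource are ignored as a simplifying assumption.

```typescript
// Added example: offline check of an identity-based IAM policy document.
// Simplification (assumption): Condition, NotAction and NotResource are ignored.
type Statement = {
  Effect: "Allow" | "Deny";
  Action: string | string[];
  Resource: string | string[];
};
type PolicyDocument = { Version: string; Statement: Statement[] };

// IAM wildcards: "*" matches any run of characters, "?" exactly one character.
function iamMatch(pattern: string, value: string, ignoreCase: boolean): boolean {
  const body = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp(`^${body}$`, ignoreCase ? "i" : "").test(value);
}

const toList = (v: string | string[]): string[] => (Array.isArray(v) ? v : [v]);

// Action names are case-insensitive; resource ARNs are compared case-sensitively here.
function statementCovers(s: Statement, action: string, arn: string): boolean {
  return (
    toList(s.Action).some((a) => iamMatch(a, action, true)) &&
    toList(s.Resource).some((r) => iamMatch(r, arn, false))
  );
}

// An explicit Deny wins; otherwise at least one matching Allow is required.
function isAllowed(policy: PolicyDocument, action: string, arn: string): boolean {
  const hits = policy.Statement.filter((s) => statementCovers(s, action, arn));
  return hits.length > 0 && hits.every((s) => s.Effect === "Allow");
}

// Constructed sample values (account ID and function name are placeholders).
const FN = "arn:aws:lambda:us-east-1:111122223333:function:edge-fn-example";
const VERSION_ARN = `${FN}:1`; // the error message names a versioned ARN

const allow = (resource: string): Statement => ({
  Effect: "Allow",
  Action: ["lambda:GetFunction", "lambda:GetFunctionConfiguration"],
  Resource: resource,
});
const unqualified: PolicyDocument = { Version: "2012-10-17", Statement: [allow(FN)] };
const anyVersion: PolicyDocument = { Version: "2012-10-17", Statement: [allow(`${FN}:*`)] };

console.log(isAllowed(unqualified, "lambda:GetFunction", VERSION_ARN));
console.log(isAllowed(anyVersion, "lambda:GetFunction", VERSION_ARN));
```

The first policy names the function without a version qualifier, so its Resource string does not match the `:1` ARN; the second uses the `:*` suffix, as the policy above does.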