[英]How to write Resource-based policy in Cloudformation
我想從外部 AWS 賬戶調用 Lambda,我設法通過在控制台的基於資源的策略選項卡(Lambda > 配置 > 權限 > 基於資源的策略)中創建策略語句來做到這一點。 雖然,我找不到在我的 CloudFormation 模板中編寫這樣的策略的方法。 這是我寫的:
InvokePolicy:
Type: AWS::IAM::Policy
Properties:
PolicyName: 'InvokeLambdaFromGateway'
Roles:
- !Sub "arn:aws:iam::${AWS::AccountId}:role/NameOfLambda"
PolicyDocument:
Version: '2012-10-17'
Statement:
- Sid: InvokeLambdaExternally
Effect: Allow
Resource:
- !Ref NameOfLambda
Action:
- lambda:InvokeFunction
Principal:
AWS: ["arn:aws:iam::AccountIUseToInvokeTheLambda:root"]
但我收到此錯誤: IAM Resource Policy statement shouldnt have Principal or NotPrincipal 。
如何使用 Principal 定義將該策略附加到我的 Lambda?
此錯誤是因為您沒有將主體添加到策略中。 您需要添加權限:
permission:
Type: AWS::Lambda::Permission
Properties:
FunctionName: !GetAtt function.Arn
Action: lambda:InvokeFunction
Principal: 123456789012
在文檔中閱讀更多內容。
如何使用 CloudFormation (CFN) 為 AWS pinpoint 創建基於資源的策略?
[英]How to create resource-based policy for AWS pinpoint using CloudFormation (CFN)?
如何通過 serverles.yml 在我的 lambda 中提供基於資源的策略?
[英]How can I provide resource-based policy in my lambda via serverles.yml?
什么是 AWS SDK API 用於將基於資源的策略添加到 AWS F 中的 Lambda ZC1C425268E68385D1AB5074?
[英]What is the AWS SDK API for adding a Resource-based policy to a Lambda function in AWS?
Lambda 基於資源的策略中本金和源帳戶之間的區別
[英]Difference between principal and source-account in Lambda Resource-Based Policy
如何使用 CloudFormation 為 CloudWatch Logs 定義資源策略?
[英]How to define Resource Policy for CloudWatch Logs with CloudFormation?
當角色固有地具有 1 個或多個策略時,在 Lambda 中為角色和基於資源的策略提供選項的目的是什么?
[英]What is the purpose of having an option for both role and resource-based policy in Lambda when role inherently has 1 or more policies?
如何在 cloudformation 策略文檔中引用資源 ARN? (山葯)
[英]How to reference a resource ARN in a cloudformation policy document ? (yaml)
如何為 Cloudformation 創建基於堆棧狀態的 IAM 策略?
[英]How to create an IAM policy for Cloudformation, which is based on a stack state?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.