Aws Lambda 無權執行:SNS:在資源上發布:+358
[英]Aws Lambda is not authorized to perform: SNS:Publish on resource: +358
問題描述
我已經制作了 Cognito PostConfirmation lambda function。當用戶成功注冊時,我想向他們發送短信。 為此,我正在使用AWS-SNS 。 我已經創建了一個 Sns 主題並附加到我的 PostConfirmation lambda function。我允許 lambda 用於 Sns 發布。 在 cloudwatch 中它說,lambda 沒有授權執行此 Sns 發布。
我在 cloudwatch 中收到此錯誤:
PostConfirmation 無權執行:SNS:Publish on resource: +358.... 因為沒有基於身份的策略允許 SNS:Publish 操作
我不確定我錯過了什么。
這是我的 YAML 文件:
plugins:
- serverless-webpack
- serverless-offline
- serverless-plugin-warmup
- serverless-iam-roles-per-function
## post Confirmation
PostConfirmation:
handler: src/handlers/postConfirmation.postConfirmation
events:
- cognitoUserPool:
pool: ${self:provider.environment.COGNITO}
trigger: PostConfirmation
existing: true
iamRoleStatements:
- Effect: Allow
Action:
- cognito-idp:*
Resource: arn:aws:cognito-idp:*:*:*
- Effect: Allow
Action:
- dynamodb:PutItem
- lambda:InvokeFunction # Added this like mentioned above
Resource: 'arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${self:provider.environment.ITEM_TABLE}'
- Effect: Allow
Action:
- sns:Publish ## This is where I am giving my permisson
- sns:SetSMSAttributes
Resource: !Ref SendMessageSns ## Sns Topic
resources:
Resources:
SendMessageSns:
Type: AWS::SNS::Topic
Properties:
DisplayName: It will send sms when user successfully signUp
TopicName: ${self:service}-${opt:stage, self:provider.stage}-successful
這就是我嘗試發布消息的方式
import { SNS } from '@aws-sdk/client-sns';
const snsClient = new SNS({ region: 'eu-north-1' });
exports.postConfirmation = async (event: any, context: any) => {
const messageParams = {
Message:
'congrats it works',
PhoneNumber: '+358.......',
};
try {
console.log('1');
const snsSucess = await snsClient.publish(messageParams);
console.log('Success.', snsSucess);
console.log('2');
context.done(null, event);
} catch (error) {
console.log('error', { error });
return {
statusCode: 500,
body: JSON.stringify(error),
};
}
};
1 個解決方案
解決方案1
1 2022-04-13 07:31:59
您允許發布到 SNS 主題,但正在嘗試將 SMS 直接發送到電話號碼。 發布到 SNS 主題時,您需要向該主題發布消息並訂閱該主題的電話號碼,請參閱https://docs.aws.amazon.com/sns/latest/dg/sms_publish-to-topic.html
或者,您可以直接發布到電話號碼,但您需要修改 IAM 策略,並且還可能移出 SMS 沙箱 - https://docs.aws.amazon.com/sns/latest/dg/sms_publish-to-電話.html
AWS IAM Lambda“無權執行:lambda:GetFunction”
[英]AWS IAM Lambda "is not authorized to perform: lambda:GetFunction"
AWS StsClient:用戶無權執行:sts:資源上的AssumeRole
[英]AWS StsClient: User not authorized to perform: sts:AssumeRole on resource
AWS,GitHub 操作:用戶無權執行:sts:AssumeRole on resource (CodePipeline)
[英]AWS, GitHub Action: User is not authorized to perform: sts:AssumeRole on resource(CodePipeline)
AWS 節點 SDK 異步 SNS.publish.promise() 不會立即發送 SNS 消息(來自 Lambda)
[英]AWS Node SDK async SNS.publish.promise() does not send SNS message immediately (from Lambda)
Lambda 無權執行:cognito-idp:AdminInitiateAuth
[英]Lambda is not authorized to perform: cognito-idp:AdminInitiateAuth
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
AWS Lambda function:未授權執行
AWS IAM Lambda“無權執行:lambda:GetFunction”
無權執行:lambda:GetFunction
AWS StsClient:用戶無權執行:sts:資源上的AssumeRole
AWS,GitHub 操作:用戶無權執行:sts:AssumeRole on resource (CodePipeline)
AWS 節點 SDK 異步 SNS.publish.promise() 不會立即發送 SNS 消息(來自 Lambda)
無權執行:資源上的 sts:TagSession:***
通過 Lambda 在 SNS 隊列上發布主題
Lambda 有時無法發布到 SNS 主題
Lambda 無權執行:cognito-idp:AdminInitiateAuth
相關標簽