Attach an existing role to AWS Lambda with AWS CDK

I want to attach an existing role to a Lambda created with CDK. I am doing the following:

    const role1 = iam.Role.fromRoleArn(this, 'Role', 'ARN', {
        mutable: true,
    });
    const lambda1 = new lambda.Function(this, 'lambda1', {
        runtime: lambda.Runtime.PYTHON_3_7,
        code: lambda.Code.asset('lambda/lambda1_function'),
        handler: 'lambda_function.lambda_handler',
        role: role1,
        reservedConcurrentExecutions: 1
    });

When I run cdk deploy, I get the following exception:
The role defined for the function cannot be assumed by Lambda. (Service: AWSLambdaInternal; Status Code: 400; Error Code: InvalidParameterValueException; Request ID:

I would appreciate it if anyone could help solve this problem. PS: I am using TypeScript, CDK@1.27.0

According to the documentation for the role parameter:

Lambda execution role.

This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.

This can be achieved by granting permission to the lambda service:

role1.grant(new iam.ServicePrincipal("lambda.amazonaws.com"))

According to the comments, the problem was that the trust policy in the role was incorrect.

The issue was resolved by adding lambda.amazonaws.com to the trust policy.
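
As an added example (not code from the original post or from the CDK project): a TypeScript check that a role's trust policy lets lambda.amazonaws.com call sts:AssumeRole, the requirement quoted from the role parameter documentation above. The helper names are hypothetical, the `ec2Only` policy is constructed sample data, and Condition blocks are not evaluated.

```typescript
// Added example: checks an IAM role trust policy for the Lambda service principal.
// Helper names are hypothetical; the sample policy is constructed.
type OneOrMany = string | string[];
interface Statement {
  Effect: "Allow" | "Deny";
  Principal?: "*" | { Service?: OneOrMany; AWS?: OneOrMany };
  Action?: OneOrMany;
}
interface TrustPolicy { Version?: string; Statement: Statement | Statement[]; }

const LAMBDA = "lambda.amazonaws.com";
const strs = (v?: OneOrMany): string[] =>
  v === undefined ? [] : typeof v === "string" ? [v] : v;
const stmts = (p: TrustPolicy): Statement[] =>
  Array.isArray(p.Statement) ? p.Statement : [p.Statement];

// True when a statement names Lambda as a service principal for sts:AssumeRole.
// IAM action names are case-insensitive; Condition blocks are not evaluated.
function coversLambda(s: Statement): boolean {
  if (typeof s.Principal !== "object") return false; // "*" or missing: not counted
  const services = strs(s.Principal.Service);
  const actions = strs(s.Action).map(a => a.toLowerCase());
  const assume = actions.some(a => a === "sts:assumerole" || a === "sts:*" || a === "*");
  return services.indexOf(LAMBDA) !== -1 && assume;
}

// An explicit Deny wins over any Allow.
function lambdaCanAssume(p: TrustPolicy): boolean {
  const all = stmts(p);
  const denied = all.some(s => s.Effect === "Deny" && coversLambda(s));
  return !denied && all.some(s => s.Effect === "Allow" && coversLambda(s));
}

// Returns a copy with the Lambda trust statement appended when it is missing.
function withLambdaTrust(p: TrustPolicy): TrustPolicy {
  if (lambdaCanAssume(p)) return p;
  const extra: Statement = {
    Effect: "Allow", Principal: { Service: LAMBDA }, Action: "sts:AssumeRole",
  };
  return { ...p, Statement: [...stmts(p), extra] };
}

// Constructed sample: a role that only EC2 may assume.
const ec2Only: TrustPolicy = {
  Version: "2012-10-17",
  Statement: { Effect: "Allow", Principal: { Service: "ec2.amazonaws.com" }, Action: "sts:AssumeRole" },
};
console.log(lambdaCanAssume(ec2Only), lambdaCanAssume(withLambdaTrust(ec2Only)));
```

Running the check against the role's trust policy document before `cdk deploy` surfaces the missing principal without waiting for the Lambda API to reject the role.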