Attach an existing role to AWS Lambda with AWS CDK
I want to attach an existing role to a Lambda function created with CDK.
I am doing the following:
    const role1 = iam.Role.fromRoleArn(this, 'Role', 'ARN', {
      mutable: true,
    });
    const lambda1 = new lambda.Function(this, 'lambda1', {
      runtime: lambda.Runtime.PYTHON_3_7,
      code: lambda.Code.asset('lambda/lambda1_function'),
      handler: 'lambda_function.lambda_handler',
      role: role1,
      reservedConcurrentExecutions: 1
    });
When I run cdk deploy, I get the following exception:
The role defined for the function cannot be assumed by Lambda. (Service: AWSLambdaInternal; Status Code: 400; Error Code: InvalidParameterValueException; Request ID:
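I would appreciate it if someone could help resolve this issue.
PS: I am using TypeScript CDK@1.27.0
According to the documentation for the role parameter: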
Lambda execution role.
This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.
This can be achieved by granting permission to the Lambda service:
role1.grant(new iam.ServicePrincipal("lambda.amazonaws.com"))
According to the comments, the problem was that the trust policy in the role was incorrect.
Adding lambda.amazonaws.com to the trust policy resolved the issue.
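A pre-deploy check for the trust policy condition discussed above, as an added example that is not part of the original question or answer: it parses a role's trust policy JSON and reports whether lambda.amazonaws.com is allowed to call sts:AssumeRole. The function names and sample policies are constructed for illustration, and the check assumes Condition blocks and Deny statements can be ignored.

```typescript
// Added example: does a role's trust policy let the Lambda service assume it?
// Assumption: Condition blocks and Deny statements are not evaluated here.
type Json = Record<string, unknown>;

const LAMBDA_PRINCIPAL = "lambda.amazonaws.com";

// IAM accepts a single value or an array for Statement, Action and Service.
function asList(v: unknown): unknown[] {
  if (v === undefined || v === null) return [];
  return Array.isArray(v) ? v : [v];
}

function lowerStrings(v: unknown): string[] {
  return asList(v)
    .filter((x): x is string => typeof x === "string")
    .map((x) => x.toLowerCase());
}

// True when some Allow statement grants sts:AssumeRole to lambda.amazonaws.com.
function lambdaCanAssume(trustPolicyJson: string): boolean {
  const policy = JSON.parse(trustPolicyJson) as Json;
  return asList(policy.Statement).some((raw) => {
    if (typeof raw !== "object" || raw === null) return false;
    const s = raw as Json;
    if (s.Effect !== "Allow") return false;
    const assume = lowerStrings(s.Action).some(
      (a) => a === "sts:assumerole" || a === "sts:*" || a === "*"
    );
    const principal = s.Principal;
    if (!assume || typeof principal !== "object" || principal === null) return false;
    return lowerStrings((principal as Json).Service).indexOf(LAMBDA_PRINCIPAL) !== -1;
  });
}

// Constructed sample: a role trusted only by EC2, the kind of trust policy
// that leads to the "cannot be assumed by Lambda" deploy error.
const EC2_ONLY_TRUST = JSON.stringify({
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Principal: { Service: "ec2.amazonaws.com" }, Action: "sts:AssumeRole" },
  ],
});

// Constructed sample: the same role after lambda.amazonaws.com is added.
const LAMBDA_TRUST = JSON.stringify({
  Version: "2012-10-17",
  Statement: {
    Effect: "Allow",
    Principal: { Service: ["ec2.amazonaws.com", "lambda.amazonaws.com"] },
    Action: ["sts:AssumeRole"],
  },
});
```

Calling lambdaCanAssume on the role's real trust policy document before passing the role to lambda.Function catches the mismatch without a failed deployment.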