What is the AWS SDK API for adding a Resource-based policy to a Lambda function in AWS?
I can't find it; I've googled extensively... I tried using Amazon.Lambda.AmazonLambdaClient, Amazon.IdentityManagement.AmazonIdentityManagementServiceClient and other APIs, with no success.
I can read the policy using var policy = await lambdaClient.GetPolicyAsync(new GetPolicyRequest { FunctionName = "my-lambda" }); but I can't change it.
In the AWS console, this is the page:
Grants an AWS service or another account permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function.
Granting function access to AWS services
To grant Amazon S3 permission to invoke a function
// AWS SDK for JavaScript v2; region and credentials come from the environment or shared config
var AWS = require("aws-sdk");
var lambda = new AWS.Lambda();

var params = {
  Action: "lambda:InvokeFunction",                     // the action being allowed
  FunctionName: "my-function",                         // function whose resource-based policy is changed
  Principal: "s3.amazonaws.com",                       // service that receives the permission
  SourceAccount: "123456789012",                       // only buckets owned by this account
  SourceArn: "arn:aws:s3:::my-bucket-1xpuxmplzrlbh/*", // only this bucket
  StatementId: "s3"                                    // becomes the Sid of the new statement
};
lambda.addPermission(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else console.log(data);               // successful response
  /*
  data = {
    Statement: "{\"Sid\":\"s3\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"s3.amazonaws.com\"},\"Action\":\"lambda:InvokeFunction\",\"Resource\":\"arn:aws:lambda:us-east-2:123456789012:function:my-function\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"123456789012\"},\"ArnLike\":{\"AWS:SourceArn\":\"arn:aws:s3:::my-bucket-1xpuxmplzrlbh\"}}}"
  }
  */
});
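
The Statement JSON in the response above carries the two conditions that SourceAccount and SourceArn produce. As an added example (not part of the original answer or of AWS's documentation), the following checks a policy string, as found in the Policy field of a GetPolicy response, for service-principal grants that lack either condition; auditLambdaPolicy, its helpers and the sample policy are constructed for illustration.

```javascript
// Added example: flag Allow statements that grant a service principal access
// to the function without AWS:SourceAccount or AWS:SourceArn conditions.
function conditionKeys(statement) {
  const keys = new Set();
  for (const operator of Object.values(statement.Condition || {})) {
    for (const key of Object.keys(operator)) keys.add(key.toLowerCase()); // key names are case-insensitive
  }
  return keys;
}

function servicePrincipals(statement) {
  const p = statement.Principal;
  if (!p || typeof p === "string") return []; // "*" or absent: not a service grant
  return [].concat(p.Service || []);          // Service may be a string or an array
}

// policyJson: the JSON string held in the Policy field of a GetPolicy response.
function auditLambdaPolicy(policyJson) {
  const findings = [];
  const doc = JSON.parse(policyJson);
  for (const st of [].concat(doc.Statement || [])) {
    if (st.Effect !== "Allow") continue;
    const services = servicePrincipals(st);
    if (services.length === 0) continue;
    const keys = conditionKeys(st);
    const missing = [];
    if (!keys.has("aws:sourceaccount")) missing.push("AWS:SourceAccount");
    if (!keys.has("aws:sourcearn")) missing.push("AWS:SourceArn");
    if (missing.length) findings.push({ sid: st.Sid || "(no Sid)", services, missing });
  }
  return findings;
}

// Constructed sample: the "s3" statement from the response above plus two hypothetical weaker grants.
const RESOURCE = "arn:aws:lambda:us-east-2:123456789012:function:my-function";
const samplePolicy = JSON.stringify({
  Version: "2012-10-17", Id: "default",
  Statement: [
    { Sid: "s3", Effect: "Allow", Principal: { Service: "s3.amazonaws.com" },
      Action: "lambda:InvokeFunction", Resource: RESOURCE,
      Condition: { StringEquals: { "AWS:SourceAccount": "123456789012" }, ArnLike: { "AWS:SourceArn": "arn:aws:s3:::my-bucket-1xpuxmplzrlbh" } } },
    { Sid: "s3-arn-only", Effect: "Allow", Principal: { Service: "s3.amazonaws.com" },
      Action: "lambda:InvokeFunction", Resource: RESOURCE,
      Condition: { ArnLike: { "AWS:SourceArn": "arn:aws:s3:::my-bucket-1xpuxmplzrlbh" } } },
    { Sid: "events-unscoped", Effect: "Allow", Principal: { Service: "events.amazonaws.com" }, Action: "lambda:InvokeFunction", Resource: RESOURCE }
  ]
});

console.log(auditLambdaPolicy(samplePolicy));
```

For S3 grants the missing AWS:SourceAccount finding matters most, because a bucket ARN does not contain an account ID.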