CognitoIdentityCredentials无权执行:资源上的lambda:InvokeFunction [英] CognitoIdentityCredentials is not authorized to perform: lambda:InvokeFunction on resource
问题描述
我正在尝试从iOS客户端调用lambda函数。我的代码如下:
I am trying to invoke a lambda function from an iOS client. My code looks like this:
要获取凭据,请在appDelegate中:
To get credentials, in appDelegate:
func application(_ application: UIApplication,
didFinishLaunchingWithOptions launchOptions:
[UIApplicationLaunchOptionsKey: Any]?) -> Bool {
// Uncomment to turn on logging, look for "Welcome to AWS!" to confirm success
AWSDDLog.add(AWSDDTTYLogger.sharedInstance)
AWSDDLog.sharedInstance.logLevel = .error
// Instantiate AWSMobileClient to get AWS user credentials
return AWSMobileClient.sharedInstance().interceptApplication(application, didFinishLaunchingWithOptions: launchOptions)
}
并在viewController上调用:
And to invoke on the viewController:
class ViewController: UIViewController {
let lambdaInvoker = AWSLambdaInvoker.default()
let jsonObject: [String: Any] = ["key1" : "value1",
"key2" : 2 ,
"key3" : [1, 2],
"isError" : false]
@IBAction func button(_ sender: Any) {
print("pressed")
lambdaInvoker.invokeFunction("myTest", jsonObject: jsonObject)
.continueWith(block: {(task:AWSTask<AnyObject>) -> Any? in
if( task.error != nil) {
print("Error: \(task.error!)")
return nil
}
// Handle response in task.result
if let JSONDictionary = task.result as? NSDictionary {
print("Result: \(JSONDictionary)")
print("resultKey: \(JSONDictionary["resultKey"])")
}
return nil
})
}
它会引发此错误:
... Message=User: arn:aws:sts::103314601078:assumed-role/Cognito_testpoolUnauth_Role/CognitoIdentityCredentials is not authorized to perform: lambda:InvokeFunction on resource ...
我也设置了此角色:
{
"roleName": "myRoleTest",
"policies": [
{
"document": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1464440182000",
"Effect": "Allow",
"Action": [
"lambda:InvokeAsync",
"lambda:InvokeFunction"
],
"Resource": [
"*"
]
}
]
}
<我知道我需要为该资源添加权限才能调用该函数,但是我找不到在哪里或怎么做!非常感谢您的帮助...
I know I need to add permissions for that resource to invoke the function, but I can't find where or how to do it! I'd appreciate any help...
推荐答案
好,我不知道这是否对任何人都有用,但我解决了这个问题。事实证明,首先要正确使用AWS开发工具包,您需要创建一个身份池。如您所见,我做了所有这些工作,并将池ID和区域添加到配置文件中。我想念的是,您还需要向身份池添加权限才能使用lambda服务。
Ok, I don't know if this will be useful to anyone but I solved the issue. It turns out that to use the AWS SDK properly first you need to create an identity pool. I did all that, as you can see, and added the pool id and region to the configuration file. What I missed is that you also need to add permissions to the identity pool to use the lambda services.
因此,一旦创建了身份池,您将拥有两个新角色,一项身份验证和一项不身份验证。您应该转到IAM控制台,角色,找到有问题的角色(在我的情况下为unauth),然后将策略修改为以下形式:
So, once the identity pool is created you will have two new roles, one auth and one unauth. You should go to the IAM console, roles, locate the role in question (in my case unauth) and modify the policy to something like this:
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":[
"mobileanalytics:PutEvents",
"cognito-sync:*"
],
"Resource":[
"*"
]
},
{
"Effect":"Allow",
"Action":[
"lambda:invokefunction"
],
"Resource":[
"arn:aws:lambda:us-east-1:account-id:function:yourFunctionName"
]
}
]
}
在此之后,您的资源应该能够调用lambda函数。
After this, your resource should be able to invoke the lambda function.
如果这不是最好的方法,请指出!
If this is not the best way please point it out!
编辑:
有实际值一项名为AWS Lambda Role的托管策略,可让您毫无问题地调用。
There is actually a managed policy called AWS Lambda Role that will let you invoke with no problems.
这篇关于CognitoIdentityCredentials无权执行:资源上的lambda:InvokeFunction的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
