是否可以使用认知用户池标识来调用Lambda函数？ [英] Is it possible to invoke a Lambda function with a cognito userpool identity?

问题描述

我想使用Javascript API调用Lambda函数。

I want to invoke a Lambda function using the Javascript API.

我希望使用在浏览器上进行身份验证的用户的认知用户池凭据来调用它

I want it to be invoked with the cognito userpool credentials of the user who is authenticated on the browser.

目标是Lambda函数将具有与Cognito用户池中的用户相同的S3访问级别。

The objective is that the Lambda function will have the same level of access to S3 as the user from the cognito userpool.

我该怎么做？

谢谢

推荐答案

您可以通过使用Cognito联合身份联合用户池令牌来做到这一点，这将为您提供临时的AWS凭证来调用AWS Lambda函数。您将需要创建一个身份池并创建具有权限 lambda：InvokeFunction 的角色。

You can do that by federating user pool token with Cognito federated identity, this will give you temporary AWS credentials to call AWS Lambda function. You will need to create an identity pool and create a role with permission lambda:InvokeFunction.

还请记住，如果您选择基于身份验证角色的解析，并且希望将其限制为子集，则用户池的所有用户都将能够调用lambda函数的用户，您可以使用用户池中的组以及联合身份中基于令牌或基于规则的映射来确定角色。

Also keep in mind that, all the users of user pool will be able to call lambda function if you choose authentication role based resolution, if you want to restrict it to subset of users, you can use groups in user pools and token or rule based mapping in federated identities to determine the role.

这篇关于是否可以使用认知用户池标识来调用Lambda函数？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！