Kinesis跨帐户Lambda触发 [英] Cross-account lambda trigger by kinesis
问题描述
我正在尝试通过帐户"A"中的Kinesis流触发帐户"B"中的lambda.这类似于此处 ,除了该示例使用S3代替Kinesis.
I'm trying to trigger a lambda in account 'B' by a Kinesis stream in account 'A'. This is similar to what's described here, except the example uses S3 instead of Kinesis.
为此,我正在尝试设置正确的权限,但是遇到了困难.
To do this, I'm trying to set up the right permissions, but running into difficulties.
首先,我添加此权限:
aws lambda add-permission \
--function-name "$function_name" \
--statement-id 'Id-123' \
--action "lambda:InvokeFunction" \
--principal $source_account \
--source-arn "$stream_arn" \
--source-account $source_account \
--region us-east-1 \
--profile "$profile"
$source_account是"A"的帐户ID.
Where $source_account is the account ID for 'A'.
然后我尝试创建源映射:
Then I attempt to create the source mapping:
aws lambda create-event-source-mapping \
--event-source-arn "$stream_arn" \
--function-name "$function_name" \
--starting-position TRIM_HORIZON \
--region us-east-1 \
--profile "$profile"
然后出现以下错误:
调用CreateEventSourceMapping操作时发生客户端错误(InvalidParameterValueException):角色和事件源必须与云函数位于同一帐户中
A client error (InvalidParameterValueException) occurred when calling the CreateEventSourceMapping operation: Role and event source must be in the same account as the cloud function
我不明白此错误.这是说我想做的事是不可能的吗?但是,它是如何实现的呢?在这里与S3基本上是相同的机制?
I don't understand this error. Is it saying what I'm trying to do is impossible? But then how was it accomplished here with S3, which is essentially the same mechanism?
推荐答案
到Amazon Kinesis流的AWS Lambda函数仅在两者都在同一帐户中时起作用.
AWS Lambda function to an Amazon Kinesis stream only works when both in the same account.
如果要调用帐户B中的功能,可以将部署在帐户A中的扇出功能钩接到帐户A中的流中,并要求它以交叉帐户角色调用帐户B中的功能.目标类型为Lambda并在帐户B中指定一个角色.
If you want to call functions in account B, you can hook the fan out function deployed in account A to your stream in account A, and ask it to call with a cross-account role a function in account B. create a target of type Lambda and specify a role in account B.
- https://github.com/aws-samples/aws-lambda-fanout
- How to fanout an AWS kinesis stream?
这篇关于Kinesis跨帐户Lambda触发的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
