AWS API Gateway错误:API Gateway没有权限承担提供的角色作为S3代理 [英] AWS API Gateway error: API Gateway does not have permission to assume the provided role as S3 proxy

问题描述

也有类似的问题，但它们有我尝试过的答案. 我不确定自己可能在做错什么，但会有所帮助.

There are similar questions but they have answers that I have tried. I'm not sure what I could be doing wrong but any help would appreciated.

测试详细信息:

方法执行测试中的错误；放置请求:

The Error from a method-execution test; PUT request:

Execution log for request test-request
Mon Oct 16 10:13:47 UTC 2017 : Starting execution for request: test-invoke-request
Mon Oct 16 10:13:47 UTC 2017 : HTTP Method: PUT, Resource Path: /pop-data-xmlz/test.xml
Mon Oct 16 10:13:47 UTC 2017 : Method request path: {item=test.xml, folder=pop-data-xmlz}
Mon Oct 16 10:13:47 UTC 2017 : Method request query string: {}
Mon Oct 16 10:13:47 UTC 2017 : Method request headers: {Content-Type=application/xml}
Mon Oct 16 10:13:47 UTC 2017 : Method request body before transformations: <test>
test string
</test>
Mon Oct 16 10:13:47 UTC 2017 : Request validation succeeded for content type application/json
Mon Oct 16 10:13:47 UTC 2017 : Execution failed due to configuration error: API Gateway does not have permission to assume the provided role
Mon Oct 16 10:13:47 UTC 2017 : Method completed with status: 500

我正在遵循API Gateway To S3教程( http://docs.aws.amazon.com/apigateway/latest/developerguide/integrating-api-with-aws-services-s3.html )，并尝试执行PUT请求.

I am following the API Gateway To S3 tutorial (http://docs.aws.amazon.com/apigateway/latest/developerguide/integrating-api-with-aws-services-s3.html) and attempting to execute a PUT request.

API网关位于us-east-1中，而S3存储桶位于us-east-2中.

The API Gateway is in us-east-1 and the S3 bucket in us-east-2.

创建的角色: APIGatewayProxyCustom

附加了一个策略(pop-date-ingest)，该策略允许对S3存储桶进行PUT请求.

A policy (pop-date-ingest) is attached that allows PUT request to S3 buckets.

角色具有信任关系集:

The Role has a trust relationship set:

推荐答案

要解决此问题，请在IAM中转到角色"的定义，然后选择"信任关系"选项卡.从此处编辑策略，并为主要服务添加apigateway.amazonaws.com，如下所示.

To fix this, go to the definition of your Role in the IAM and select the Trust Relationships tab. From here edit the policy and for the Principal Service add in apigateway.amazonaws.com as seen below.

这将授予 API网关除现有的Lambda权限外，还可以承担角色来运行您的功能的功能.

This will grant the API Gateway the ability to assume roles to run your function in addition to the existing Lambda permission.

{
   "Version": "2012-10-17",
   "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
            "Service": ["apigateway.amazonaws.com","lambda.amazonaws.com"]
        },
        "Action": "sts:AssumeRole"
      }
    ]
}

这篇关于AWS API Gateway错误:API Gateway没有权限承担提供的角色作为S3代理的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！