AccessDeniedException:用户无权执行:lambda:InvokeFunction [英] AccessDeniedException: User is not authorized to perform: lambda:InvokeFunction
问题描述
我正在尝试从节点调用lambda函数.
I'm trying to invoke a lambda function from node.
var aws = require('aws-sdk');
var lambda = new aws.Lambda({
accessKeyId: 'id',
secretAccessKey: 'key',
region: 'us-west-2'
});
lambda.invoke({
FunctionName: 'test1',
Payload: JSON.stringify({
key1: 'Arjun',
key2: 'kom',
key3: 'ath'
})
}, function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data);
});
密钥用于IAM用户.用户已附加AWSLambdaExecute
和AWSLambdaBasicExecutionRole
策略.
The keys are for an IAM user. The user has AWSLambdaExecute
and AWSLambdaBasicExecutionRole
policies attached.
我收到一个权限错误:
AccessDeniedException: User: arn:aws:iam::1221321312:user/cli is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-west-2:1221321312:function:test1
I get a permission error:
AccessDeniedException: User: arn:aws:iam::1221321312:user/cli is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-west-2:1221321312:function:test1
我阅读了文档和几个博客,但无法授权该用户调用lambda函数.如何让该用户调用lambda?
I read the docs and several blogs, but I'm unable to authorise this user to invoke the lambda function. How do get this user to invoke lambda?
谢谢.
推荐答案
AWSLambdaExecute
和AWSLambdaBasicExecutionRole
不提供错误中表示的权限.这两个托管策略均设计为附加到Lambda函数本身,因此它随这些策略一起运行.
The AWSLambdaExecute
and AWSLambdaBasicExecutionRole
do not provide the permissions that are being expressed in the error. Both of these managed policies are designed to be attached to your Lambda function itself, so it runs with these policies.
错误是说运行nodejs程序的用户没有启动Lambda函数的权限.
The error is saying the user under which the nodejs program is running does not have rights to start the Lambda function.
您需要授予IAM用户lambda:InvokeFunction
权限:
You need to give your IAM user the lambda:InvokeFunction
permission:
- 在IAM管理控制台中找到您的用户,然后单击它.
- 在权限"选项卡上,展开内联策略"部分,然后单击单击此处"链接以添加策略".
- 选择自定义策略".
- 给您的保单起一个名字.可以是任何东西.
- 将此政策放在政策文档"字段中.
样品政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1464440182000",
"Effect": "Allow",
"Action": [
"lambda:InvokeAsync",
"lambda:InvokeFunction"
],
"Resource": [
"*"
]
}
]
}
在此政策中,我包括了两种方法来调用lambda方法.
In this policy, I have included both methods to invoke lambda methods.
更新:
现在还有一个名为AWSLambdaRole
的IAM托管策略,您可以将其分配给您的IAM用户或IAM角色.这应该为您提供所需的权限.
There is now also an IAM Managed Policy named AWSLambdaRole
that you can assign to your IAM user or IAM role. This should give you the permissions you need.
这篇关于AccessDeniedException:用户无权执行:lambda:InvokeFunction的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!