AccessDeniedException:用户无权执行:lambda:InvokeFunction [英] AccessDeniedException: User is not authorized to perform: lambda:InvokeFunction

问题描述

我正在尝试从节点调用lambda函数.

I'm trying to invoke a lambda function from node.

var aws = require('aws-sdk');
var lambda = new aws.Lambda({
    accessKeyId: 'id',
    secretAccessKey: 'key',
    region: 'us-west-2'
});

lambda.invoke({
    FunctionName: 'test1',
    Payload: JSON.stringify({
        key1: 'Arjun',
        key2: 'kom',
        key3: 'ath'
    })
}, function(err, data) {
    if (err) console.log(err, err.stack);
    else     console.log(data);
});

密钥用于IAM用户.用户已附加AWSLambdaExecute和AWSLambdaBasicExecutionRole策略.

The keys are for an IAM user. The user has AWSLambdaExecute and AWSLambdaBasicExecutionRole policies attached.

我收到一个权限错误: AccessDeniedException: User: arn:aws:iam::1221321312:user/cli is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-west-2:1221321312:function:test1

I get a permission error: AccessDeniedException: User: arn:aws:iam::1221321312:user/cli is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-west-2:1221321312:function:test1

我阅读了文档和几个博客，但无法授权该用户调用lambda函数.如何让该用户调用lambda?

I read the docs and several blogs, but I'm unable to authorise this user to invoke the lambda function. How do get this user to invoke lambda?

谢谢.

推荐答案

AWSLambdaExecute和AWSLambdaBasicExecutionRole不提供错误中表示的权限.这两个托管策略均设计为附加到Lambda函数本身，因此它随这些策略一起运行.

The AWSLambdaExecute and AWSLambdaBasicExecutionRole do not provide the permissions that are being expressed in the error. Both of these managed policies are designed to be attached to your Lambda function itself, so it runs with these policies.

错误是说运行nodejs程序的用户没有启动Lambda函数的权限.

The error is saying the user under which the nodejs program is running does not have rights to start the Lambda function.

您需要授予IAM用户lambda:InvokeFunction权限:

You need to give your IAM user the lambda:InvokeFunction permission:

1. 在IAM管理控制台中找到您的用户，然后单击它.
2. 在权限"选项卡上，展开内联策略"部分，然后单击单击此处"链接以添加策略".
3. 选择自定义策略".
4. 给您的保单起一个名字.可以是任何东西.
5. 将此政策放在政策文档"字段中.

样品政策:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1464440182000",
            "Effect": "Allow",
            "Action": [
                "lambda:InvokeAsync",
                "lambda:InvokeFunction"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

在此政策中，我包括了两种方法来调用lambda方法.

In this policy, I have included both methods to invoke lambda methods.

更新:

现在还有一个名为AWSLambdaRole的IAM托管策略，您可以将其分配给您的IAM用户或IAM角色.这应该为您提供所需的权限.

There is now also an IAM Managed Policy named AWSLambdaRole that you can assign to your IAM user or IAM role. This should give you the permissions you need.

这篇关于AccessDeniedException:用户无权执行:lambda:InvokeFunction的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！