AWS Lambda triggered by PUT to s3 bucket in separate account


Problem description

I am trying to trigger a Lambda function to run on update to a s3 bucket. The s3 bucket that I am attempting to have trigger the Lambda is in a separate AWS account.

The approach I have tried is setting up a role in the account with the s3 bucket that has all the privileges on the s3 bucket. Then in the account with the Lambda I have a role which assumes the role in the other account like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sts:AssumeRole"
            ],
            "Resource": [
                "arn:aws:iam::..."
            ]
        }
    ]
}

I am not able to see the s3 bucket in the list of buckets to trigger the Lambda event.

Is using a s3 bucket in a separate account to trigger a Lambda possible? Is this the correct solution?

Recommended answer

UPDATE: It appears that cross-account triggering of a Lambda function from S3 actually is possible. See: Using Resource-Based Policies for AWS Lambda (Lambda Function Policies)

Old answer:

Amazon S3 can trigger AWS Lambda functions.

However, this trigger must be set up on the bucket itself. You will need the owner of the bucket (or someone with sufficient permissions) to set the configuration to trigger Lambda.

Also, the Lambda function being called must be in the same Account as the Amazon S3 bucket. You could create a Lambda function in one account that then calls a Lambda function in another account (given sufficient permissions), but it is not possible for a Bucket in Account A to directly trigger a Lambda function in Account B.
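The resource-based (function) policy mentioned in the update, as an added example that is not part of the original answer: it builds the statement that lets S3 invoke a function on behalf of one bucket owned by another account, and audits a statement for the source conditions that keep the grant scoped to that bucket and account. The account IDs, ARNs, bucket name and function names are constructed for illustration.

```python
import json

# Constructed sample values (assumptions, not from the original page).
BUCKET_ACCOUNT = "111111111111"  # account that owns the S3 bucket
FUNCTION_ARN = "arn:aws:lambda:us-east-1:222222222222:function:example-handler"
BUCKET_NAME = "example-source-bucket"


def s3_invoke_statement(function_arn, bucket_name, bucket_account):
    """Function-policy statement letting one bucket in another account invoke the function."""
    return {
        "Sid": "AllowS3InvokeFromBucketAccount",
        "Effect": "Allow",
        "Principal": {"Service": "s3.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": function_arn,
        "Condition": {
            # A deleted bucket's name can be re-registered by a different account,
            # so pin the owning account as well as the bucket ARN.
            "StringEquals": {"AWS:SourceAccount": bucket_account},
            "ArnLike": {"AWS:SourceArn": f"arn:aws:s3:::{bucket_name}"},
        },
    }


def audit_statement(stmt):
    """Return findings for an Allow grant to S3 (assumes string condition values)."""
    findings = []
    if stmt.get("Effect") != "Allow":
        return findings
    principal = stmt.get("Principal")
    if principal == "*" or principal == {"AWS": "*"}:
        findings.append("principal is a wildcard")
    if principal != {"Service": "s3.amazonaws.com"}:
        return findings
    cond = {k.lower(): v for op in stmt.get("Condition", {}).values() for k, v in op.items()}
    if "aws:sourceaccount" not in cond:
        findings.append("missing AWS:SourceAccount condition")
    source_arn = cond.get("aws:sourcearn", "")
    if not source_arn:
        findings.append("missing AWS:SourceArn condition")
    elif "*" in source_arn.split(":::")[-1]:
        findings.append("AWS:SourceArn contains a wildcard bucket name")
    return findings


if __name__ == "__main__":
    good = s3_invoke_statement(FUNCTION_ARN, BUCKET_NAME, BUCKET_ACCOUNT)
    print(json.dumps(good, indent=2), audit_statement(good))
```

The statement belongs on the function in the Lambda account; the bucket owner still has to add the notification configuration on the bucket, as the answer notes.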
