使用AWS CDK为lambda指定自定义角色 [英] Specifying a custom role for lambda with the AWS CDK
问题描述
我意识到这是很新的东西,但是我看不到任何语言的示例,您如何指定使用AWS CDK创建的lambda的角色.
I realize it's pretty new but I don't see any examples in any language how you would specify a role for the lambda created with the AWS CDK.
我正在尝试这样做
const cdk = require('@aws-cdk/cdk');
const lambda = require('@aws-cdk/aws-lambda');
const iam = require('@aws-cdk/aws-iam');
const path = require('path');
class MyStack extends cdk.Stack {
constructor (parent, id, props) {
super(parent, id, props);
//
// Create a lambda...
const fn = new lambda.Function(this, 'MyFunction-cdktest', {
runtime: lambda.Runtime.NodeJS810,
handler: 'index.handler',
code: lambda.Code.directory( path.join( __dirname, 'lambda')),
role: iam.RoleName('lambda_basic_execution')
});
}
}
class MyApp extends cdk.App {
constructor (argv) {
super(argv);
new MyStack(this, 'hello-cdk');
}
}
console.log(new MyApp(process.argv).run());
以便尝试为该功能指定一个现有的IAM角色,但这似乎不是正确的语法.我也可以(或者甚至更喜欢)在此lambda上即时生成自定义角色,但是我也没有任何有关如何执行此操作的示例.
in order to try and specify an existing IAM role for the function but that doesn't seem to be correct syntax. I also would be ok with ( or maybe even prefer ) to generate the custom role on the fly specific to this lambda but I didn't see any examples on how to do that either.
有人对如何实现这一目标有任何见识吗?
Does anyone have any insight on how to accomplish this?
推荐答案
Lambda已经具有执行角色,并且已经具有基本的执行权限.如果要为其角色添加其他权限,请执行以下操作:
A Lambda already comes with an execution role, and it already has the basic execution permissions. If you want to add additional permissions to the role it has, do something like the following:
lambda.addToRolePolicy(new cdk.PolicyStatement()
.addResource('arn:aws:....')
.addAction('s3:GetThing'));
或者更好的是,使用便利功能之一来获得对某些资源的权限:
Or better yet, use one of the convenience functions for permissions on some resources:
bucket.grantRead(lambda.role);
这篇关于使用AWS CDK为lambda指定自定义角色的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
