AWS API Gateway 错误:API Gateway 无权承担所提供的角色作为 S3 代理 [英] AWS API Gateway error: API Gateway does not have permission to assume the provided role as S3 proxy
问题描述
有类似的问题,但他们有我尝试过的答案.我不确定我可能做错了什么,但任何帮助都将不胜感激.
测试详情:
方法执行测试的错误;PUT 请求:
请求测试请求的执行日志Mon Oct 16 10:13:47 UTC 2017:开始执行请求:test-invoke-requestUTC 2017 年 10 月 16 日星期一 10:13:47:HTTP 方法:PUT,资源路径:/pop-data-xmlz/test.xmlMon Oct 16 10:13:47 UTC 2017:方法请求路径:{item=test.xml, folder=pop-data-xmlz}UTC 2017 年 10 月 16 日星期一 10:13:47:方法请求查询字符串:{}UTC 2017 年 10 月 16 日星期一 10:13:47:方法请求标头:{Content-Type=application/xml}UTC 2017 年 10 月 16 日星期一 10:13:47:转换前的方法请求正文:<test>测试字符串</测试>2017 年 10 月 16 日星期一 10:13:47 UTC:内容类型应用程序/json 的请求验证成功Mon Oct 16 10:13:47 UTC 2017:由于配置错误,执行失败:API Gateway 无权承担提供的角色UTC 2017 年 10 月 16 日星期一 10:13:47:方法完成,状态:500我正在关注 API Gateway To S3 教程 (
角色有一个信任关系集:
要解决此问题,请转到 IAM 中您的角色定义,然后选择信任关系选项卡.从这里编辑策略并为 Principal Service 添加 apigateway.amazonaws.com,如下所示.
这将授予 API 网关除了现有 Lambda 权限之外,还可以承担运行您的函数的角色.
{"版本": "2012-10-17",陈述": [{"Effect": "允许",主要的": {"服务": ["apigateway.amazonaws.com","lambda.amazonaws.com"]},"动作": "sts:AssumeRole"}]}There are similar questions but they have answers that I have tried. I'm not sure what I could be doing wrong but any help would appreciated.
Test details:
The Error from a method-execution test; PUT request:
Execution log for request test-request
Mon Oct 16 10:13:47 UTC 2017 : Starting execution for request: test-invoke-request
Mon Oct 16 10:13:47 UTC 2017 : HTTP Method: PUT, Resource Path: /pop-data-xmlz/test.xml
Mon Oct 16 10:13:47 UTC 2017 : Method request path: {item=test.xml, folder=pop-data-xmlz}
Mon Oct 16 10:13:47 UTC 2017 : Method request query string: {}
Mon Oct 16 10:13:47 UTC 2017 : Method request headers: {Content-Type=application/xml}
Mon Oct 16 10:13:47 UTC 2017 : Method request body before transformations: <test>
test string
</test>
Mon Oct 16 10:13:47 UTC 2017 : Request validation succeeded for content type application/json
Mon Oct 16 10:13:47 UTC 2017 : Execution failed due to configuration error: API Gateway does not have permission to assume the provided role
Mon Oct 16 10:13:47 UTC 2017 : Method completed with status: 500
I am following the API Gateway To S3 tutorial (http://docs.aws.amazon.com/apigateway/latest/developerguide/integrating-api-with-aws-services-s3.html) and attempting to execute a PUT request.
The API Gateway is in us-east-1 and the S3 bucket in us-east-2.
The created Role: APIGatewayProxyCustom
A policy (pop-date-ingest) is attached that allows PUT request to S3 buckets.
The Role has a trust relationship set:
To fix this, go to the definition of your Role in the IAM and select the Trust Relationships tab. From here edit the policy and for the Principal Service add in apigateway.amazonaws.com as seen below.
This will grant the API Gateway the ability to assume roles to run your function in addition to the existing Lambda permission.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": ["apigateway.amazonaws.com","lambda.amazonaws.com"]
},
"Action": "sts:AssumeRole"
}
]
}
这篇关于AWS API Gateway 错误:API Gateway 无权承担所提供的角色作为 S3 代理的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
