AWS API Gateway错误:API Gateway无权将提供的角色假定为S3代理
Kur*_*her 20 api amazon-s3 amazon-web-services aws-api-gateway
有类似的问题,但他们有我尝试过的答案.我不确定我做错了什么,但任何帮助都会赞赏.
测试细节:
方法执行测试的错误; PUT请求:
Execution log for request test-request
Mon Oct 16 10:13:47 UTC 2017 : Starting execution for request: test-invoke-request
Mon Oct 16 10:13:47 UTC 2017 : HTTP Method: PUT, Resource Path: /pop-data-xmlz/test.xml
Mon Oct 16 10:13:47 UTC 2017 : Method request path: {item=test.xml, folder=pop-data-xmlz}
Mon Oct 16 10:13:47 UTC 2017 : Method request query string: {}
Mon Oct 16 10:13:47 UTC 2017 : Method request headers: {Content-Type=application/xml}
Mon Oct 16 10:13:47 UTC 2017 : Method request body before transformations: <test>
test string
</test>
Mon Oct 16 10:13:47 UTC 2017 : Request validation succeeded for content type application/json
Mon Oct 16 10:13:47 UTC 2017 : Execution failed due to configuration error: API Gateway does not have permission to assume the provided role
Mon Oct 16 10:13:47 UTC 2017 : Method completed with status: 500
我正在关注API Gateway To S3教程(http://docs.aws.amazon.com/apigateway/latest/developerguide/integrating-api-with-aws-services-s3.html)并尝试执行PUT请求.
API网关位于us-east-1,而S3 bucket位于us-east-2.
创建的角色:APIGatewayProxyCustom
附加了一个策略(pop-date-ingest),允许PUT请求到S3存储桶.
角色具有信任关系集:
Vij*_*han 47
要解决此问题,请转到IAM中的角色,然后选择"信任关系"选项卡.从这里编辑策略,并为主要服务添加"apigateway.amazonaws.com",如下所示.除了现有的lambda权限之外,这将授予API网关承担运行函数的角色的能力.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": ["apigateway.amazonaws.com","lambda.amazonaws.com"]
},
"Action": "sts:AssumeRole"
}
]
}- 非常感谢!阻止我发疯。官方文档再一次没有提到这一点,对他们来说非常糟糕! (5认同)
- 但有疑问,我看到具有相同JSON的信任关系。 (2认同)
| 归档时间: |
|
| 查看次数: |
9087 次 |
| 最近记录: |