4 python amazon-web-services amazon-iam aws-lambda aws-cdk
I have a Lambda function that uses the AWS Python SDK to manage AWS CodeCommit repositories. I create the Lambda function with the CDK as follows:
    from aws_cdk import aws_lambda as _lambda
    from aws_cdk.aws_lambda_python import PythonFunction

    # Runs inside a Stack/Construct, where `self` is the construct scope.
    service = PythonFunction(
        self, 'Svc',
        entry='./path/to',
        index='file.py',
        runtime=_lambda.Runtime.PYTHON_3_8,
        handler='handler',
    )
After deploying, I run the Lambda function and get the following error, which is sent to the CloudWatch logs:
An error occurred (AccessDeniedException) when calling the GetRepository operation: User: arn:aws:iam::XXXXXXXXXXXX:user/XXXX is not authorized to perform: codecommit:GetRepository on resource: arn:aws:codecommit:us-east-1:XXXXXXXXXXXX:XXXX
How can I allow the Lambda function to call codecommit:GetRepository on any repository in my account?
小智 9
Create an IAM policy statement and add it to your function's role policy:
    from aws_cdk import aws_iam as iam

    service.add_to_role_policy(iam.PolicyStatement(
        effect=iam.Effect.ALLOW,
        actions=[
            'codecommit:*',
        ],
        resources=[
            'arn:aws:codecommit:us-east-1:XXXXXXXXXXXX:*',
        ],
    ))
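An added example, not part of the original answer: the denial message in the question names the exact action and resource, so a statement scoped to that one action can be derived from it rather than granting `codecommit:*`. The function and constant names and the second, assumed-role message are constructed for illustration; `principal_type` reports which identity signed the call, since a Lambda execution role appears as `assumed-role` rather than `user`.

```python
import json
import re

# Shape of the AccessDeniedException text quoted in the question.
DENIED = re.compile(
    r"User: (?P<principal>arn:aws:(?:iam|sts)::[^:]*:(?P<ptype>[^/\s]+)/\S+)"
    r" is not authorized to perform: (?P<action>[\w-]+:\w+)"
    r" on resource: (?P<resource>arn:aws:\S+)"
)


def statement_from_denial(message, whole_account=False):
    """Build a least-privilege IAM statement from one denial message."""
    m = DENIED.search(message)
    if m is None:
        raise ValueError("no AccessDeniedException text found")
    resource = m["resource"]
    if whole_account:
        # Keep partition, service, region and account; wildcard only the name.
        resource = ":".join(resource.split(":")[:5]) + ":*"
    return {
        "principal": m["principal"],
        # "assumed-role" when the caller is a Lambda execution role,
        # "user" when the SDK call was signed with an IAM user's keys.
        "principal_type": m["ptype"],
        "statement": {
            "Effect": "Allow",
            "Action": [m["action"]],
            "Resource": [resource],
        },
    }


# Message from the question (placeholders as posted).
QUESTION_MSG = (
    "An error occurred (AccessDeniedException) when calling the GetRepository "
    "operation: User: arn:aws:iam::XXXXXXXXXXXX:user/XXXX is not authorized to "
    "perform: codecommit:GetRepository on resource: "
    "arn:aws:codecommit:us-east-1:XXXXXXXXXXXX:XXXX"
)
# Constructed sample: the same denial as seen from an execution role.
ROLE_MSG = (
    "User: arn:aws:sts::111122223333:assumed-role/SvcRole/Svc is not authorized "
    "to perform: codecommit:GetRepository on resource: "
    "arn:aws:codecommit:us-east-1:111122223333:demo"
)

if __name__ == "__main__":
    print(json.dumps(statement_from_denial(QUESTION_MSG, whole_account=True), indent=2))
```

The resulting `Action` and `Resource` lists can be passed as `actions=` and `resources=` to `iam.PolicyStatement`.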