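I'm trying to use boto3 to create an API Gateway method that invokes a Lambda function. So far I haven't been able to find out how to grant the necessary permissions.
Curiously, setting the Lambda function name manually through the AWS console sets the permissions automatically. I can't reproduce this in code.
This is the code I'm using to set up the gateway: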
    # Create a rest api
    self.rest_api = self.apigateway.create_rest_api(
        name='AWS_CMS_Operations'
    )
    # Get the rest api's root id
    root_id = self.apigateway.get_resources(
        restApiId=self.rest_api['id']
    )['items'][0]['id']
    # Create an api resource
    api_resource = self.apigateway.create_resource(
        restApiId=self.rest_api['id'],
        parentId=root_id,
        pathPart='AWS_CMS_Manager'
    )
    # Add a post method to the rest api resource
    api_method = self.apigateway.put_method(
        restApiId=self.rest_api['id'],
        resourceId=api_resource['id'],
        httpMethod='POST',
        authorizationType='NONE'
    )
    # Add an integration method to the api resource
    self.apigateway.put_integration(
        restApiId=self.rest_api['id'],
        resourceId=api_resource['id'],
        httpMethod='POST',
        type='AWS',
        integrationHttpMethod='POST', …
I'm using the JSON from the default AWS policy AWSLambdaBasicExecutionRole:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents"
                ],
                "Resource": "*"
            }
        ]
    }
And this is the code I'm using to create the role:
    import boto3
    import botocore

    def create_lambda_role():
        try:
            iam = boto3.client('iam')

            # Read the policy JSON shown above from disk
            lambda_permissions_json = ''
            with open('lambda/lambda_permissions.json', 'r') as thefile:
                lambda_permissions_json = thefile.read()

            iam.create_role(
                RoleName='lambda_basic_execution',
                AssumeRolePolicyDocument=str(lambda_permissions_json)
            )
        except botocore.exceptions.ClientError as e:
            # Print the AWS error code, e.g. the one mentioned below
            print(e.response['Error']['Code'])
            return False

        return True
But it always returns a MalformedPolicyDocument error, and I can't for the life of me see why.
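
The likely cause, shown as an added example that is not part of the original post: `create_role` expects a trust policy (who may assume the role) in `AssumeRolePolicyDocument`, while the JSON above is a permissions policy (what the role may do). The checker below is a local heuristic rather than AWS's own validation, the inline policy name `basic_logging` is made up for the example, and `iam` is a boto3 IAM client supplied by the caller.

```python
import json

# Permissions policy from the question: what the role may DO once assumed.
PERMISSIONS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
        "Resource": "*",
    }],
}

# Trust policy: WHO may assume the role. Only the Lambda service is trusted.
LAMBDA_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "lambda.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def trust_policy_problems(doc):
    """Local heuristic (not AWS's validator): why doc fails as a trust policy."""
    problems = []
    for i, st in enumerate(as_list(doc.get("Statement", []))):
        if "Resource" in st or "NotResource" in st:
            problems.append("Statement %d: Resource is not allowed in a trust policy" % i)
        if "Principal" not in st and "NotPrincipal" not in st:
            problems.append("Statement %d: no Principal" % i)
        if not any(a.startswith("sts:") for a in as_list(st.get("Action", []))):
            problems.append("Statement %d: no sts: action" % i)
    return problems

def create_lambda_role(iam, trust_policy=LAMBDA_TRUST_POLICY,
                       role_name="lambda_basic_execution"):
    """Create the role with a checked trust policy, then attach permissions."""
    problems = trust_policy_problems(trust_policy)
    if problems:  # fail locally, before any IAM call is made
        raise ValueError("; ".join(problems))
    iam.create_role(RoleName=role_name,
                    AssumeRolePolicyDocument=json.dumps(trust_policy))
    # Permissions are attached separately, here as an inline policy on the role.
    iam.put_role_policy(RoleName=role_name, PolicyName="basic_logging",
                        PolicyDocument=json.dumps(PERMISSIONS_POLICY))
```

Passing the question's JSON as `trust_policy` raises `ValueError` listing the `Resource` field, the missing `Principal`, and the absence of an `sts:` action.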